mirror of
https://github.com/discourse/discourse.git
synced 2025-01-19 03:43:15 +08:00
34d04e7507
When a post has some replies, and the user click on the button to show them, we would load ALL the replies. This could lead to DoS if there were a very large number of replies. This adds support for pagination to these post replies. Internal ref t/129773 FIX: Duplicated parent posts DEV: Query refactor
3106 lines
96 KiB
Ruby
3106 lines
96 KiB
Ruby
# frozen_string_literal: true
|
|
|
|
RSpec.shared_examples "finding and showing post" do
|
|
let!(:post) { post_by_user }
|
|
|
|
it "ensures the user can't see the post" do
|
|
topic = post.topic
|
|
topic.convert_to_private_message(Discourse.system_user)
|
|
topic.remove_allowed_user(Discourse.system_user, user.username)
|
|
get url
|
|
expect(response).to be_forbidden
|
|
end
|
|
|
|
it "succeeds" do
|
|
get url
|
|
expect(response.status).to eq(200)
|
|
end
|
|
|
|
it "returns 404 when post's topic is deleted" do
|
|
post.topic.destroy!
|
|
get url
|
|
expect(response.status).to eq(404)
|
|
end
|
|
|
|
context "with deleted post" do
|
|
before { post.trash!(user) }
|
|
|
|
it "can't find deleted posts as an anonymous user" do
|
|
get url
|
|
expect(response.status).to eq(404)
|
|
end
|
|
|
|
it "can't find deleted posts as a regular user" do
|
|
sign_in(user)
|
|
get url
|
|
expect(response.status).to eq(404)
|
|
end
|
|
|
|
it "can find posts as a moderator" do
|
|
sign_in(moderator)
|
|
get url
|
|
expect(response.status).to eq(200)
|
|
end
|
|
|
|
it "can find posts as a admin" do
|
|
sign_in(admin)
|
|
get url
|
|
expect(response.status).to eq(200)
|
|
end
|
|
|
|
context "with category group moderator" do
|
|
fab!(:group_user)
|
|
let(:user_gm) { group_user.user }
|
|
let(:group) { group_user.group }
|
|
|
|
before do
|
|
SiteSetting.enable_category_group_moderation = true
|
|
sign_in(user_gm)
|
|
end
|
|
|
|
it "can find posts in the allowed category" do
|
|
post.topic.category.update!(topic_id: topic.id)
|
|
Fabricate(:category_moderation_group, category: post.topic.category, group:)
|
|
get url
|
|
expect(response.status).to eq(200)
|
|
end
|
|
|
|
it "can't find posts outside of the allowed category" do
|
|
get url
|
|
expect(response.status).to eq(404)
|
|
end
|
|
end
|
|
end
|
|
end
|
|
|
|
RSpec.shared_examples "action requires login" do |method, url, params = {}|
|
|
it "raises an exception when not logged in" do
|
|
self.public_send(method, url, **params)
|
|
expect(response.status).to eq(403)
|
|
end
|
|
end
|
|
|
|
RSpec.describe PostsController do
|
|
fab!(:admin)
|
|
fab!(:moderator) { Fabricate(:moderator, refresh_auto_groups: true) }
|
|
fab!(:user) { Fabricate(:user, refresh_auto_groups: true) }
|
|
fab!(:user_trust_level_0) { Fabricate(:trust_level_0) }
|
|
fab!(:user_trust_level_1) { Fabricate(:trust_level_1) }
|
|
fab!(:category)
|
|
fab!(:topic)
|
|
fab!(:post_by_user) { Fabricate(:post, user: user) }
|
|
let(:public_post) { Fabricate(:post, user: user, topic: topic) }
|
|
let(:topicless_post) { Fabricate(:post, user: user, raw: "<p>Car 54, where are you?</p>") }
|
|
|
|
let(:private_topic) { Fabricate(:topic, archetype: Archetype.private_message, category_id: nil) }
|
|
let(:private_post) { Fabricate(:post, user: user, topic: private_topic) }
|
|
|
|
describe "#show" do
|
|
include_examples "finding and showing post" do
|
|
let(:url) { "/posts/#{post.id}.json" }
|
|
end
|
|
|
|
it "gets all the expected fields" do
|
|
# non fabricated test
|
|
new_post = create_post
|
|
|
|
get "/posts/#{new_post.id}.json"
|
|
parsed = response.parsed_body
|
|
|
|
expect(parsed["topic_slug"]).to eq(new_post.topic.slug)
|
|
expect(parsed["moderator"]).to eq(false)
|
|
expect(parsed["username"]).to eq(new_post.user.username)
|
|
expect(parsed["cooked"]).to eq(new_post.cooked)
|
|
end
|
|
end
|
|
|
|
describe "#by_number" do
|
|
include_examples "finding and showing post" do
|
|
let(:url) { "/posts/by_number/#{post.topic_id}/#{post.post_number}.json" }
|
|
end
|
|
end
|
|
|
|
describe "#by_date" do
|
|
include_examples "finding and showing post" do
|
|
let(:url) { "/posts/by-date/#{post.topic_id}/#{post.created_at.strftime("%Y-%m-%d")}.json" }
|
|
end
|
|
|
|
it "returns the expected post" do
|
|
first_post = Fabricate(:post, created_at: 10.days.ago)
|
|
second_post = Fabricate(:post, topic: first_post.topic, created_at: 4.days.ago)
|
|
_third_post = Fabricate(:post, topic: first_post.topic, created_at: 3.days.ago)
|
|
|
|
get "/posts/by-date/#{second_post.topic_id}/#{(second_post.created_at - 2.days).strftime("%Y-%m-%d")}.json"
|
|
json = response.parsed_body
|
|
|
|
expect(response.status).to eq(200)
|
|
expect(json["id"]).to eq(second_post.id)
|
|
end
|
|
|
|
it "returns no post if date is > at last created post" do
|
|
get "/posts/by-date/#{post.topic_id}/2245-11-11.json"
|
|
_json = response.parsed_body
|
|
expect(response.status).to eq(404)
|
|
end
|
|
end
|
|
|
|
describe "#reply_history" do
|
|
include_examples "finding and showing post" do
|
|
let(:url) { "/posts/#{post.id}/reply-history.json" }
|
|
end
|
|
|
|
it "returns the replies with allowlisted user custom fields" do
|
|
parent = Fabricate(:post)
|
|
child = Fabricate(:post, topic: parent.topic, reply_to_post_number: parent.post_number)
|
|
|
|
parent.user.upsert_custom_fields(hello: "world", hidden: "dontshow")
|
|
SiteSetting.public_user_custom_fields = "hello"
|
|
|
|
get "/posts/#{child.id}/reply-history.json"
|
|
expect(response.status).to eq(200)
|
|
|
|
json = response.parsed_body
|
|
expect(json[0]["id"]).to eq(parent.id)
|
|
expect(json[0]["user_custom_fields"]["hello"]).to eq("world")
|
|
expect(json[0]["user_custom_fields"]["hidden"]).to be_blank
|
|
end
|
|
end
|
|
|
|
describe "#reply_ids" do
|
|
include_examples "finding and showing post" do
|
|
let(:url) { "/posts/#{post.id}/reply-ids.json" }
|
|
end
|
|
|
|
it "returns ids of post's replies" do
|
|
post = Fabricate(:post)
|
|
reply1 = Fabricate(:post, topic: post.topic, reply_to_post_number: post.post_number)
|
|
reply2 = Fabricate(:post, topic: post.topic, reply_to_post_number: post.post_number)
|
|
PostReply.create(post_id: post.id, reply_post_id: reply1.id)
|
|
PostReply.create(post_id: post.id, reply_post_id: reply2.id)
|
|
|
|
get "/posts/#{post.id}/reply-ids.json"
|
|
|
|
expect(response.status).to eq(200)
|
|
expect(response.parsed_body).to eq(
|
|
[{ "id" => reply1.id, "level" => 1 }, { "id" => reply2.id, "level" => 1 }],
|
|
)
|
|
end
|
|
end
|
|
|
|
describe "#replies" do
|
|
include_examples "finding and showing post" do
|
|
let(:url) { "/posts/#{post.id}/replies.json" }
|
|
end
|
|
|
|
it "asks post for replies" do
|
|
parent = Fabricate(:post)
|
|
child = Fabricate(:post, topic: parent.topic, reply_to_post_number: parent.post_number)
|
|
PostReply.create!(post: parent, reply: child)
|
|
|
|
child.user.upsert_custom_fields(hello: "world", hidden: "dontshow")
|
|
SiteSetting.public_user_custom_fields = "hello"
|
|
|
|
get "/posts/#{parent.id}/replies.json"
|
|
expect(response.status).to eq(200)
|
|
|
|
json = response.parsed_body
|
|
expect(json[0]["id"]).to eq(child.id)
|
|
expect(json[0]["user_custom_fields"]["hello"]).to eq("world")
|
|
expect(json[0]["user_custom_fields"]["hidden"]).to be_blank
|
|
end
|
|
|
|
it "supports pagination" do
|
|
parent = Fabricate(:post)
|
|
30.times do
|
|
reply = Fabricate(:post, topic: parent.topic, reply_to_post_number: parent.post_number)
|
|
PostReply.create!(post: parent, reply:)
|
|
end
|
|
|
|
get "/posts/#{parent.id}/replies.json", params: { after: parent.post_number }
|
|
expect(response.status).to eq(200)
|
|
replies = response.parsed_body
|
|
expect(replies.size).to eq(20)
|
|
|
|
after = replies.last["post_number"]
|
|
|
|
get "/posts/#{parent.id}/replies.json", params: { after: }
|
|
expect(response.status).to eq(200)
|
|
replies = response.parsed_body
|
|
expect(replies.size).to eq(10)
|
|
expect(replies[0][:post_number]).to eq(after + 1)
|
|
|
|
get "/posts/#{parent.id}/replies.json", params: { after: 999_999 }
|
|
expect(response.status).to eq(200)
|
|
expect(response.parsed_body.size).to eq(0)
|
|
end
|
|
end
|
|
|
|
describe "#destroy" do
|
|
include_examples "action requires login", :delete, "/posts/123.json"
|
|
|
|
describe "when logged in" do
|
|
let(:topic) { Fabricate(:topic) }
|
|
|
|
it "raises an error when the user doesn't have permission to see the post" do
|
|
pm = Fabricate(:private_message_topic)
|
|
post = Fabricate(:post, topic: pm, post_number: 3)
|
|
|
|
sign_in(user)
|
|
|
|
delete "/posts/#{post.id}.json"
|
|
expect(response).to be_forbidden
|
|
end
|
|
|
|
it "raises an error when the self deletions are disabled" do
|
|
SiteSetting.max_post_deletions_per_day = 0
|
|
post = Fabricate(:post, user: user, topic: topic, post_number: 3)
|
|
sign_in(user)
|
|
|
|
delete "/posts/#{post.id}.json"
|
|
expect(response).to be_forbidden
|
|
end
|
|
|
|
it "uses a PostDestroyer" do
|
|
post = Fabricate(:post, topic_id: topic.id, post_number: 3)
|
|
sign_in(moderator)
|
|
|
|
destroyer = mock
|
|
PostDestroyer.expects(:new).returns(destroyer)
|
|
destroyer.expects(:destroy)
|
|
|
|
delete "/posts/#{post.id}.json"
|
|
end
|
|
|
|
context "with permanently destroy" do
|
|
let!(:post) { Fabricate(:post, topic_id: topic.id, post_number: 3) }
|
|
|
|
before { SiteSetting.can_permanently_delete = true }
|
|
|
|
it "does not work for a post that was not deleted yet" do
|
|
sign_in(admin)
|
|
|
|
delete "/posts/#{post.id}.json", params: { force_destroy: true }
|
|
expect(response.status).to eq(403)
|
|
end
|
|
|
|
it "needs some time to pass to permanently delete a topic" do
|
|
sign_in(admin)
|
|
|
|
delete "/posts/#{post.id}.json"
|
|
expect(response.status).to eq(200)
|
|
expect(post.reload.deleted_by_id).to eq(admin.id)
|
|
|
|
delete "/posts/#{post.id}.json", params: { force_destroy: true }
|
|
expect(response.status).to eq(403)
|
|
|
|
post.update!(deleted_at: 10.minutes.ago)
|
|
|
|
delete "/posts/#{post.id}.json", params: { force_destroy: true }
|
|
expect(response.status).to eq(200)
|
|
expect { post.reload }.to raise_error(ActiveRecord::RecordNotFound)
|
|
end
|
|
|
|
it "needs two users to permanently delete a topic" do
|
|
sign_in(admin)
|
|
|
|
delete "/posts/#{post.id}.json"
|
|
expect(response.status).to eq(200)
|
|
expect(post.reload.deleted_by_id).to eq(admin.id)
|
|
|
|
sign_in(Fabricate(:admin))
|
|
|
|
delete "/posts/#{post.id}.json", params: { force_destroy: true }
|
|
expect(response.status).to eq(200)
|
|
expect { post.reload }.to raise_error(ActiveRecord::RecordNotFound)
|
|
end
|
|
|
|
it "moderators cannot permanently delete topics" do
|
|
sign_in(admin)
|
|
|
|
delete "/posts/#{post.id}.json"
|
|
expect(response.status).to eq(200)
|
|
expect(post.reload.deleted_by_id).to eq(admin.id)
|
|
|
|
sign_in(moderator)
|
|
|
|
delete "/posts/#{post.id}.json", params: { force_destroy: true }
|
|
expect(response.status).to eq(403)
|
|
end
|
|
|
|
it "creates a log and clean up previously recorded sensitive information" do
|
|
sign_in(admin)
|
|
|
|
delete "/posts/#{post.id}.json"
|
|
expect(response.status).to eq(200)
|
|
expect(post.reload.deleted_by_id).to eq(admin.id)
|
|
|
|
post.update!(deleted_at: 10.minutes.ago)
|
|
|
|
delete "/posts/#{post.id}.json", params: { force_destroy: true }
|
|
expect(response.status).to eq(200)
|
|
|
|
expect(UserHistory.last).to have_attributes(
|
|
action: UserHistory.actions[:delete_post_permanently],
|
|
acting_user_id: admin.id,
|
|
)
|
|
|
|
expect(UserHistory.where(post_id: post.id, details: "(permanently deleted)").count).to eq(
|
|
2,
|
|
)
|
|
end
|
|
end
|
|
end
|
|
end
|
|
|
|
describe "#destroy_many" do
|
|
include_examples "action requires login",
|
|
:delete,
|
|
"/posts/destroy_many.json",
|
|
params: {
|
|
post_ids: [123, 345],
|
|
}
|
|
|
|
describe "when logged in" do
|
|
fab!(:poster) { Fabricate(:moderator) }
|
|
fab!(:post1) { Fabricate(:post, user: poster, post_number: 2) }
|
|
fab!(:post2) do
|
|
Fabricate(
|
|
:post,
|
|
topic: post1.topic,
|
|
user: poster,
|
|
post_number: 3,
|
|
reply_to_post_number: post1.post_number,
|
|
)
|
|
end
|
|
|
|
it "raises invalid parameters no post_ids" do
|
|
sign_in(poster)
|
|
delete "/posts/destroy_many.json"
|
|
expect(response.status).to eq(400)
|
|
expect(response.message.downcase).to eq("bad request")
|
|
end
|
|
|
|
it "raises invalid parameters with missing ids" do
|
|
sign_in(poster)
|
|
delete "/posts/destroy_many.json", params: { post_ids: [12_345] }
|
|
expect(response.status).to eq(400)
|
|
end
|
|
|
|
it "raises an error when the user doesn't have permission to delete the posts" do
|
|
sign_in(user)
|
|
delete "/posts/destroy_many.json", params: { post_ids: [post1.id, post2.id] }
|
|
expect(response).to be_forbidden
|
|
end
|
|
|
|
it "deletes the post" do
|
|
sign_in(poster)
|
|
PostDestroyer.any_instance.expects(:destroy).twice
|
|
delete "/posts/destroy_many.json", params: { post_ids: [post1.id, post2.id] }
|
|
expect(response.status).to eq(200)
|
|
end
|
|
|
|
it "updates the highest read data for the forum" do
|
|
sign_in(poster)
|
|
Topic.expects(:reset_highest).twice
|
|
delete "/posts/destroy_many.json", params: { post_ids: [post1.id, post2.id] }
|
|
end
|
|
|
|
describe "can delete replies" do
|
|
before { PostReply.create(post_id: post1.id, reply_post_id: post2.id) }
|
|
|
|
it "deletes the post and the reply to it" do
|
|
sign_in(poster)
|
|
PostDestroyer.any_instance.expects(:destroy).twice
|
|
delete "/posts/destroy_many.json",
|
|
params: {
|
|
post_ids: [post1.id],
|
|
reply_post_ids: [post1.id],
|
|
}
|
|
end
|
|
end
|
|
|
|
context "when deleting flagged posts" do
|
|
before do
|
|
sign_in(moderator)
|
|
PostActionCreator.off_topic(moderator, post1)
|
|
PostActionCreator.off_topic(moderator, post2)
|
|
Jobs::SendSystemMessage.clear
|
|
end
|
|
|
|
it "defers the child posts by default" do
|
|
expect(ReviewableFlaggedPost.pending.count).to eq(2)
|
|
delete "/posts/destroy_many.json", params: { post_ids: [post1.id, post2.id] }
|
|
expect(Jobs::SendSystemMessage.jobs.size).to eq(1)
|
|
expect(ReviewableFlaggedPost.pending.count).to eq(0)
|
|
end
|
|
|
|
it "can defer all posts based on `agree_with_first_reply_flag` param" do
|
|
expect(ReviewableFlaggedPost.pending.count).to eq(2)
|
|
delete "/posts/destroy_many.json",
|
|
params: {
|
|
post_ids: [post1.id, post2.id],
|
|
agree_with_first_reply_flag: false,
|
|
}
|
|
PostActionCreator.off_topic(moderator, post1)
|
|
PostActionCreator.off_topic(moderator, post2)
|
|
Jobs::SendSystemMessage.clear
|
|
end
|
|
end
|
|
end
|
|
end
|
|
|
|
describe "#recover" do
|
|
include_examples "action requires login", :put, "/posts/123/recover.json"
|
|
|
|
describe "when logged in" do
|
|
it "raises an error when the user doesn't have permission to see the post" do
|
|
post = Fabricate(:post, topic: Fabricate(:private_message_topic), post_number: 3)
|
|
sign_in(user)
|
|
|
|
put "/posts/#{post.id}/recover.json"
|
|
expect(response).to be_forbidden
|
|
end
|
|
|
|
it "raises an error when self deletion/recovery is disabled" do
|
|
SiteSetting.max_post_deletions_per_day = 0
|
|
post = Fabricate(:post, user: user, topic: topic, post_number: 3)
|
|
sign_in(user)
|
|
|
|
put "/posts/#{post.id}/recover.json"
|
|
expect(response).to be_forbidden
|
|
end
|
|
|
|
it "recovers a post correctly" do
|
|
topic_id = create_post.topic_id
|
|
post = create_post(topic_id: topic_id)
|
|
sign_in(user)
|
|
|
|
PostDestroyer.new(user, post).destroy
|
|
put "/posts/#{post.id}/recover.json"
|
|
post.reload
|
|
expect(post.trashed?).to be_falsey
|
|
end
|
|
end
|
|
end
|
|
|
|
describe "#update" do
|
|
include_examples "action requires login", :put, "/posts/2.json"
|
|
|
|
let!(:post) { post_by_user }
|
|
let(:update_params) do
|
|
{
|
|
post: {
|
|
raw: "edited body",
|
|
edit_reason: "typo",
|
|
},
|
|
image_sizes: {
|
|
"http://image.com/image.jpg" => {
|
|
"width" => 123,
|
|
"height" => 456,
|
|
},
|
|
},
|
|
}
|
|
end
|
|
|
|
describe "when logged in as a regular user" do
|
|
before { sign_in(user) }
|
|
|
|
it "does not allow TL0 or TL1 to update when edit time limit expired" do
|
|
SiteSetting.post_edit_time_limit = 5
|
|
SiteSetting.tl2_post_edit_time_limit = 30
|
|
|
|
post = Fabricate(:post, created_at: 10.minutes.ago, user: user)
|
|
|
|
user.update_columns(trust_level: 1)
|
|
|
|
put "/posts/#{post.id}.json", params: update_params
|
|
|
|
expect(response.status).to eq(422)
|
|
expect(response.parsed_body["errors"]).to include(I18n.t("too_late_to_edit"))
|
|
end
|
|
|
|
it "does not allow TL2 to update when edit time limit expired" do
|
|
SiteSetting.post_edit_time_limit = 12
|
|
SiteSetting.tl2_post_edit_time_limit = 8
|
|
|
|
user.update_columns(trust_level: 2)
|
|
|
|
post = Fabricate(:post, created_at: 10.minutes.ago, user: user)
|
|
|
|
put "/posts/#{post.id}.json", params: update_params
|
|
|
|
expect(response.status).to eq(422)
|
|
expect(response.parsed_body["errors"]).to include(I18n.t("too_late_to_edit"))
|
|
end
|
|
|
|
it "passes the image sizes through" do
|
|
Post.any_instance.expects(:image_sizes=)
|
|
put "/posts/#{post.id}.json", params: update_params
|
|
end
|
|
|
|
it "passes the edit reason through" do
|
|
put "/posts/#{post.id}.json", params: update_params
|
|
expect(response.status).to eq(200)
|
|
post.reload
|
|
expect(post.edit_reason).to eq("typo")
|
|
expect(post.raw).to eq("edited body")
|
|
end
|
|
|
|
it "checks for an edit conflict" do
|
|
update_params[:post][:raw_old] = "old body"
|
|
put "/posts/#{post.id}.json", params: update_params
|
|
|
|
expect(response.status).to eq(409)
|
|
end
|
|
|
|
it "raises an error when the post parameter is missing" do
|
|
update_params.delete(:post)
|
|
put "/posts/#{post.id}.json", params: update_params
|
|
expect(response.status).to eq(400)
|
|
expect(response.message.downcase).to eq("bad request")
|
|
end
|
|
|
|
it "raises an error when the user doesn't have permission to see the post" do
|
|
post = Fabricate(:private_message_post, post_number: 3)
|
|
put "/posts/#{post.id}.json", params: update_params
|
|
expect(response).to be_forbidden
|
|
end
|
|
|
|
it "updates post's raw attribute" do
|
|
put "/posts/#{post.id}.json", params: { post: { raw: "edited body " } }
|
|
|
|
expect(response.status).to eq(200)
|
|
expect(response.parsed_body["post"]["raw"]).to eq("edited body")
|
|
expect(post.reload.raw).to eq("edited body")
|
|
end
|
|
|
|
it "extracts links from the new body" do
|
|
param = update_params
|
|
param[:post][:raw] = "I just visited this https://google.com so many cool links"
|
|
|
|
put "/posts/#{post.id}.json", params: param
|
|
|
|
expect(response.status).to eq(200)
|
|
expect(TopicLink.count).to eq(1)
|
|
end
|
|
|
|
it "doesn't allow updating of deleted posts" do
|
|
first_post = post.topic.ordered_posts.first
|
|
PostDestroyer.new(moderator, first_post).destroy
|
|
|
|
put "/posts/#{first_post.id}.json", params: update_params
|
|
expect(response).not_to be_successful
|
|
end
|
|
end
|
|
|
|
describe "when logged in as staff" do
|
|
before { sign_in(moderator) }
|
|
|
|
it "supports updating posts in deleted topics" do
|
|
first_post = post.topic.ordered_posts.first
|
|
PostDestroyer.new(moderator, first_post).destroy
|
|
|
|
put "/posts/#{first_post.id}.json", params: update_params
|
|
expect(response.status).to eq(200)
|
|
|
|
post.reload
|
|
expect(post.raw).to eq("edited body")
|
|
end
|
|
|
|
it "won't update bump date if post is a whisper" do
|
|
created_at = freeze_time 1.day.ago
|
|
post = Fabricate(:post, post_type: Post.types[:whisper], user: user)
|
|
|
|
unfreeze_time
|
|
put "/posts/#{post.id}.json", params: update_params
|
|
|
|
expect(response.status).to eq(200)
|
|
expect(post.topic.reload.bumped_at).to eq_time(created_at)
|
|
end
|
|
end
|
|
|
|
describe "when logged in as group moderator" do
|
|
fab!(:topic) { Fabricate(:topic, category: category) }
|
|
fab!(:post) { Fabricate(:post, user: user, topic: topic) }
|
|
fab!(:group_user)
|
|
let(:user_gm) { group_user.user }
|
|
let(:group) { group_user.group }
|
|
|
|
before do
|
|
SiteSetting.enable_category_group_moderation = true
|
|
Fabricate(:category_moderation_group, category: post.topic.category, group:)
|
|
post.topic.category.update!(topic_id: topic.id)
|
|
sign_in(user_gm)
|
|
end
|
|
|
|
it "allows updating the category description" do
|
|
put "/posts/#{post.id}.json", params: update_params
|
|
expect(response.status).to eq(200)
|
|
|
|
post.reload
|
|
expect(post.raw).to eq("edited body")
|
|
expect(UserHistory.where(action: UserHistory.actions[:post_edit]).count).to eq(1)
|
|
end
|
|
|
|
it "can not update category descriptions in other categories" do
|
|
second_category = Fabricate(:category)
|
|
topic.update!(category: second_category)
|
|
|
|
put "/posts/#{post.id}.json", params: update_params
|
|
expect(response.status).to eq(403)
|
|
end
|
|
end
|
|
|
|
it "can not change category to a disallowed category" do
|
|
post = create_post
|
|
sign_in(post.user)
|
|
|
|
category = Fabricate(:category)
|
|
category.set_permissions(staff: :full)
|
|
category.save!
|
|
|
|
put "/posts/#{post.id}.json",
|
|
params: {
|
|
post: {
|
|
category_id: category.id,
|
|
raw: "this is a test edit to post",
|
|
},
|
|
}
|
|
|
|
expect(response.status).not_to eq(200)
|
|
expect(post.topic.category_id).not_to eq(category.id)
|
|
end
|
|
|
|
it "can not move to a category that requires topic approval" do
|
|
post = create_post
|
|
sign_in(post.user)
|
|
|
|
category = Fabricate(:category)
|
|
category.require_topic_approval = true
|
|
category.save!
|
|
|
|
put "/posts/#{post.id}.json",
|
|
params: {
|
|
post: {
|
|
category_id: category.id,
|
|
raw: "this is a test edit to post",
|
|
},
|
|
}
|
|
|
|
expect(response.status).to eq(403)
|
|
expect(post.topic.reload.category_id).not_to eq(category.id)
|
|
end
|
|
|
|
describe "trying to add a link without permission" do
|
|
it "returns an error message if links are added to posts when not allowed" do
|
|
post = create_post
|
|
sign_in(post.user)
|
|
SiteSetting.post_links_allowed_groups = Group::AUTO_GROUPS[:admins]
|
|
|
|
put "/posts/#{post.id}",
|
|
params: {
|
|
post: {
|
|
raw: "I'm editing this post to add www.linkhere.com",
|
|
},
|
|
}
|
|
|
|
expect(response.status).to eq(422)
|
|
expect(response.body).to include("Sorry, you can't include links in your posts.")
|
|
end
|
|
end
|
|
|
|
describe "with Post.plugin_permitted_update_params" do
|
|
before do
|
|
plugin = Plugin::Instance.new
|
|
plugin.add_permitted_post_update_param(:random_number) do |post, value|
|
|
post.custom_fields[:random_number] = value
|
|
post.save
|
|
end
|
|
end
|
|
|
|
after { DiscoursePluginRegistry.reset! }
|
|
|
|
it "calls blocks passed into `add_permitted_post_update_param`" do
|
|
sign_in(post.user)
|
|
put "/posts/#{post.id}.json",
|
|
params: {
|
|
post: {
|
|
raw: "this is a random post",
|
|
raw_old: post.raw,
|
|
random_number: 244,
|
|
},
|
|
}
|
|
|
|
expect(response.status).to eq(200)
|
|
expect(post.reload.custom_fields[:random_number]).to eq("244")
|
|
end
|
|
end
|
|
end
|
|
|
|
describe "#destroy_bookmark" do
|
|
fab!(:post)
|
|
fab!(:bookmark) { Fabricate(:bookmark, user: user, bookmarkable: post) }
|
|
|
|
before { sign_in(user) }
|
|
|
|
it "deletes the bookmark" do
|
|
bookmark_id = bookmark.id
|
|
delete "/posts/#{post.id}/bookmark.json"
|
|
expect(Bookmark.find_by(id: bookmark_id)).to eq(nil)
|
|
end
|
|
|
|
context "when the user still has bookmarks in the topic" do
|
|
before { Fabricate(:bookmark, user: user, bookmarkable: Fabricate(:post, topic: post.topic)) }
|
|
it "marks topic_bookmarked as true" do
|
|
delete "/posts/#{post.id}/bookmark.json"
|
|
expect(response.parsed_body["topic_bookmarked"]).to eq(true)
|
|
end
|
|
end
|
|
end
|
|
|
|
describe "#wiki" do
|
|
include_examples "action requires login", :put, "/posts/2/wiki.json"
|
|
|
|
describe "when logged in" do
|
|
before { sign_in(user) }
|
|
|
|
let!(:post) { post_by_user }
|
|
|
|
it "returns 400 when wiki parameter is not present" do
|
|
sign_in(admin)
|
|
|
|
put "/posts/#{post.id}/wiki.json", params: {}
|
|
|
|
expect(response.status).to eq(400)
|
|
end
|
|
|
|
it "raises an error if the user doesn't have permission to wiki the post" do
|
|
put "/posts/#{post.id}/wiki.json", params: { wiki: "true" }
|
|
expect(response).to be_forbidden
|
|
end
|
|
|
|
it "toggle wiki status should create a new version" do
|
|
sign_in(admin)
|
|
another_user = Fabricate(:user)
|
|
another_post = Fabricate(:post, user: another_user)
|
|
|
|
expect do
|
|
put "/posts/#{another_post.id}/wiki.json", params: { wiki: "true" }
|
|
end.to change { another_post.reload.version }.by(1)
|
|
|
|
expect do
|
|
put "/posts/#{another_post.id}/wiki.json", params: { wiki: "false" }
|
|
end.to change { another_post.reload.version }.by(-1)
|
|
|
|
sign_in(Fabricate(:admin))
|
|
|
|
expect do
|
|
put "/posts/#{another_post.id}/wiki.json", params: { wiki: "true" }
|
|
end.to change { another_post.reload.version }.by(1)
|
|
end
|
|
|
|
it "can wiki a post" do
|
|
sign_in(admin)
|
|
put "/posts/#{post.id}/wiki.json", params: { wiki: "true" }
|
|
|
|
post.reload
|
|
expect(post.wiki).to eq(true)
|
|
end
|
|
|
|
it "can unwiki a post" do
|
|
wikied_post = Fabricate(:post, user: user, wiki: true)
|
|
sign_in(admin)
|
|
|
|
put "/posts/#{wikied_post.id}/wiki.json", params: { wiki: "false" }
|
|
|
|
wikied_post.reload
|
|
expect(wikied_post.wiki).to eq(false)
|
|
end
|
|
end
|
|
end
|
|
|
|
describe "#post_type" do
|
|
include_examples "action requires login", :put, "/posts/2/post_type.json"
|
|
|
|
describe "when logged in" do
|
|
before { sign_in(moderator) }
|
|
|
|
let!(:post) { post_by_user }
|
|
|
|
it "raises an error if the user doesn't have permission to change the post type" do
|
|
sign_in(user)
|
|
|
|
put "/posts/#{post.id}/post_type.json", params: { post_type: 2 }
|
|
expect(response).to be_forbidden
|
|
end
|
|
|
|
it "returns 400 if post_type parameter is not present" do
|
|
put "/posts/#{post.id}/post_type.json", params: {}
|
|
|
|
expect(response.status).to eq(400)
|
|
end
|
|
|
|
it "returns 400 if post_type parameters is invalid" do
|
|
put "/posts/#{post.id}/post_type.json", params: { post_type: -1 }
|
|
|
|
expect(response.status).to eq(400)
|
|
end
|
|
|
|
it "can change the post type" do
|
|
put "/posts/#{post.id}/post_type.json", params: { post_type: 2 }
|
|
|
|
post.reload
|
|
expect(post.post_type).to eq(2)
|
|
end
|
|
end
|
|
end
|
|
|
|
describe "#rebake" do
|
|
include_examples "action requires login", :put, "/posts/2/rebake.json"
|
|
|
|
describe "when logged in" do
|
|
let!(:post) { post_by_user }
|
|
|
|
it "raises an error if the user doesn't have permission to rebake the post" do
|
|
sign_in(user)
|
|
put "/posts/#{post.id}/rebake.json"
|
|
expect(response).to be_forbidden
|
|
end
|
|
|
|
it "can rebake the post" do
|
|
sign_in(moderator)
|
|
put "/posts/#{post.id}/rebake.json"
|
|
expect(response.status).to eq(200)
|
|
end
|
|
|
|
it "will invalidate broken images cache" do
|
|
sign_in(moderator)
|
|
PostHotlinkedMedia.create!(
|
|
url: "https://example.com/image.jpg",
|
|
post: post,
|
|
status: "download_failed",
|
|
)
|
|
put "/posts/#{post.id}/rebake.json"
|
|
post.reload
|
|
expect(post.post_hotlinked_media).to eq([])
|
|
end
|
|
end
|
|
end
|
|
|
|
describe "#create" do
|
|
include_examples "action requires login", :post, "/posts.json"
|
|
|
|
before do
|
|
SiteSetting.min_first_post_typing_time = 0
|
|
SiteSetting.whispers_allowed_groups = "#{Group::AUTO_GROUPS[:staff]}"
|
|
end
|
|
|
|
context "with api" do
|
|
it "memoizes duplicate requests" do
|
|
raw = "this is a test post 123 #{SecureRandom.hash}"
|
|
title = "this is a title #{SecureRandom.hash}"
|
|
|
|
master_key = Fabricate(:api_key).key
|
|
|
|
post "/posts.json",
|
|
params: {
|
|
raw: raw,
|
|
title: title,
|
|
wpid: 1,
|
|
},
|
|
headers: {
|
|
HTTP_API_USERNAME: user.username,
|
|
HTTP_API_KEY: master_key,
|
|
}
|
|
|
|
expect(response.status).to eq(200)
|
|
original = response.body
|
|
|
|
post "/posts.json",
|
|
params: {
|
|
raw: raw,
|
|
title: title,
|
|
wpid: 2,
|
|
},
|
|
headers: {
|
|
HTTP_API_USERNAME: user.username_lower,
|
|
HTTP_API_KEY: master_key,
|
|
}
|
|
|
|
expect(response.status).to eq(200)
|
|
expect(response.body).to eq(original)
|
|
end
|
|
|
|
it "returns a valid JSON response when the post is enqueued" do
|
|
SiteSetting.approve_unless_allowed_groups = Group::AUTO_GROUPS[:trust_level_4]
|
|
|
|
master_key = Fabricate(:api_key).key
|
|
|
|
post "/posts.json",
|
|
params: {
|
|
raw: "this is test post #{SecureRandom.alphanumeric}",
|
|
title: "this is a test title #{SecureRandom.alphanumeric}",
|
|
},
|
|
headers: {
|
|
HTTP_API_USERNAME: user.username,
|
|
HTTP_API_KEY: master_key,
|
|
}
|
|
|
|
expect(response.status).to eq(200)
|
|
expect(response.parsed_body["action"]).to eq("enqueued")
|
|
end
|
|
|
|
it "allows to create posts in import_mode" do
|
|
Jobs.run_immediately!
|
|
NotificationEmailer.enable
|
|
post_1 = Fabricate(:post)
|
|
master_key = Fabricate(:api_key).key
|
|
|
|
post "/posts.json",
|
|
params: {
|
|
raw: "this is test reply 1",
|
|
topic_id: post_1.topic.id,
|
|
reply_to_post_number: 1,
|
|
},
|
|
headers: {
|
|
HTTP_API_USERNAME: user.username,
|
|
HTTP_API_KEY: master_key,
|
|
}
|
|
|
|
expect(response.status).to eq(200)
|
|
expect(post_1.topic.user.notifications.count).to eq(1)
|
|
post_1.topic.user.notifications.destroy_all
|
|
|
|
post "/posts.json",
|
|
params: {
|
|
raw: "this is test reply 2",
|
|
topic_id: post_1.topic.id,
|
|
reply_to_post_number: 1,
|
|
import_mode: true,
|
|
},
|
|
headers: {
|
|
HTTP_API_USERNAME: user.username,
|
|
HTTP_API_KEY: master_key,
|
|
}
|
|
|
|
expect(response.status).to eq(200)
|
|
expect(post_1.topic.user.notifications.count).to eq(0)
|
|
|
|
post "/posts.json",
|
|
params: {
|
|
raw: "this is test reply 3",
|
|
topic_id: post_1.topic.id,
|
|
reply_to_post_number: 1,
|
|
import_mode: false,
|
|
},
|
|
headers: {
|
|
HTTP_API_USERNAME: user.username,
|
|
HTTP_API_KEY: master_key,
|
|
}
|
|
|
|
expect(response.status).to eq(200)
|
|
expect(post_1.topic.user.notifications.count).to eq(1)
|
|
end
|
|
|
|
it "allows a topic to be created with an external_id" do
|
|
master_key = Fabricate(:api_key).key
|
|
post "/posts.json",
|
|
params: {
|
|
raw: "this is the test content",
|
|
title: "this is some post",
|
|
external_id: "external_id",
|
|
},
|
|
headers: {
|
|
HTTP_API_USERNAME: user.username,
|
|
HTTP_API_KEY: master_key,
|
|
}
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
new_topic = Topic.last
|
|
|
|
expect(new_topic.external_id).to eq("external_id")
|
|
end
|
|
|
|
it "prevents whispers for regular users" do
|
|
post_1 = Fabricate(:post)
|
|
user_key = ApiKey.create!(user: user).key
|
|
|
|
post "/posts.json",
|
|
params: {
|
|
raw: "this is test whisper",
|
|
topic_id: post_1.topic.id,
|
|
reply_to_post_number: 1,
|
|
whisper: true,
|
|
},
|
|
headers: {
|
|
HTTP_API_USERNAME: user.username,
|
|
HTTP_API_KEY: user_key,
|
|
}
|
|
|
|
expect(response.status).to eq(403)
|
|
end
|
|
|
|
it "does not advance draft" do
|
|
Draft.set(user, Draft::NEW_TOPIC, 0, "test")
|
|
user_key = ApiKey.create!(user: user).key
|
|
|
|
post "/posts.json",
|
|
params: {
|
|
title: "this is a test topic",
|
|
raw: "this is test whisper",
|
|
},
|
|
headers: {
|
|
HTTP_API_USERNAME: user.username,
|
|
HTTP_API_KEY: user_key,
|
|
}
|
|
|
|
expect(response.status).to eq(200)
|
|
expect(Draft.get(user, Draft::NEW_TOPIC, 0)).to eq("test")
|
|
end
|
|
|
|
it "will raise an error if specified category cannot be found" do
|
|
user = Fabricate(:admin)
|
|
master_key = Fabricate(:api_key).key
|
|
|
|
post "/posts.json",
|
|
params: {
|
|
title: "this is a test title",
|
|
raw: "this is test body",
|
|
category: "invalid",
|
|
},
|
|
headers: {
|
|
HTTP_API_USERNAME: user.username,
|
|
HTTP_API_KEY: master_key,
|
|
}
|
|
|
|
expect(response.status).to eq(400)
|
|
|
|
expect(response.parsed_body["errors"]).to include(
|
|
I18n.t("invalid_params", message: "category"),
|
|
)
|
|
end
|
|
|
|
it "will raise an error if specified embed_url is invalid" do
|
|
user = Fabricate(:admin)
|
|
master_key = Fabricate(:api_key).key
|
|
|
|
post "/posts.json",
|
|
params: {
|
|
title: "this is a test title",
|
|
raw: "this is test body",
|
|
embed_url: "/test.txt",
|
|
},
|
|
headers: {
|
|
HTTP_API_USERNAME: user.username,
|
|
HTTP_API_KEY: master_key,
|
|
}
|
|
|
|
expect(response.status).to eq(422)
|
|
end
|
|
|
|
it "creates unlisted topic with admin master key" do
|
|
master_key = Fabricate(:api_key).key
|
|
|
|
expect do
|
|
post "/posts.json",
|
|
params: {
|
|
raw: "this is a test title",
|
|
title: "this is test body",
|
|
unlist_topic: true,
|
|
},
|
|
headers: {
|
|
HTTP_API_USERNAME: admin.username,
|
|
HTTP_API_KEY: master_key,
|
|
}
|
|
end.to change { Topic.count }.by(1)
|
|
|
|
expect(response.status).to eq(200)
|
|
expect(Topic.find(response.parsed_body["topic_id"]).visible).to eq(false)
|
|
end
|
|
|
|
it "prevents creation of unlisted topic with non-admin key" do
|
|
user_key = ApiKey.create!(user: user).key
|
|
|
|
expect do
|
|
post "/posts.json",
|
|
params: {
|
|
raw: "this is a test title",
|
|
title: "this is test body",
|
|
unlist_topic: true,
|
|
},
|
|
headers: {
|
|
HTTP_API_USERNAME: user.username,
|
|
HTTP_API_KEY: user_key,
|
|
}
|
|
end.not_to change { Topic.count }
|
|
|
|
expect(response.status).to eq(422)
|
|
expect(response.parsed_body["errors"]).to include(
|
|
I18n.t("activerecord.errors.models.topic.attributes.base.unable_to_unlist"),
|
|
)
|
|
end
|
|
end
|
|
|
|
describe "when logged in" do
|
|
fab!(:user) { Fabricate(:user, refresh_auto_groups: true) }
|
|
|
|
before { sign_in(user) }
|
|
|
|
context "when fast typing" do
|
|
before do
|
|
SiteSetting.min_first_post_typing_time = 3000
|
|
SiteSetting.auto_silence_fast_typers_max_trust_level = 1
|
|
end
|
|
|
|
it "queues the post if min_first_post_typing_time is not met" do
|
|
post "/posts.json",
|
|
params: {
|
|
raw: "this is the test content",
|
|
title: "this is the test title for the topic",
|
|
composer_open_duration_msecs: 204,
|
|
typing_duration_msecs: 100,
|
|
reply_to_post_number: 123,
|
|
}
|
|
|
|
expect(response.status).to eq(200)
|
|
parsed = response.parsed_body
|
|
|
|
expect(parsed["action"]).to eq("enqueued")
|
|
|
|
user.reload
|
|
expect(user).to be_silenced
|
|
|
|
rp = ReviewableQueuedPost.find_by(target_created_by: user)
|
|
expect(rp.payload["typing_duration_msecs"]).to eq(100)
|
|
expect(rp.payload["composer_open_duration_msecs"]).to eq(204)
|
|
expect(rp.payload["reply_to_post_number"]).to eq(123)
|
|
expect(rp.reviewable_scores.first.reason).to eq("fast_typer")
|
|
|
|
expect(parsed["pending_post"]).to be_present
|
|
expect(parsed["pending_post"]["id"]).to eq(rp.id)
|
|
expect(parsed["pending_post"]["raw"]).to eq("this is the test content")
|
|
|
|
mod = moderator
|
|
rp.perform(mod, :approve_post)
|
|
|
|
user.reload
|
|
expect(user).not_to be_silenced
|
|
end
|
|
|
|
it "doesn't enqueue posts when user first creates a topic" do
|
|
topic = Fabricate(:post, user: user).topic
|
|
|
|
Draft.set(user, "should_clear", 0, "{'a' : 'b'}")
|
|
|
|
post "/posts.json",
|
|
params: {
|
|
raw: "this is the test content",
|
|
title: "this is the test title for the topic",
|
|
composer_open_duration_msecs: 204,
|
|
typing_duration_msecs: 100,
|
|
topic_id: topic.id,
|
|
draft_key: "should_clear",
|
|
}
|
|
|
|
expect(response.status).to eq(200)
|
|
parsed = response.parsed_body
|
|
|
|
expect(parsed["action"]).not_to be_present
|
|
|
|
expect { Draft.get(user, "should_clear", 0) }.to raise_error(Draft::OutOfSequence)
|
|
end
|
|
|
|
it "doesn't enqueue replies when the topic is closed" do
|
|
topic = Fabricate(:closed_topic)
|
|
|
|
post "/posts.json",
|
|
params: {
|
|
raw: "this is the test content",
|
|
title: "this is the test title for the topic",
|
|
topic_id: topic.id,
|
|
}
|
|
|
|
expect(response).not_to be_successful
|
|
parsed = response.parsed_body
|
|
expect(parsed["action"]).not_to eq("enqueued")
|
|
end
|
|
|
|
it "doesn't enqueue replies when the post is too long" do
|
|
SiteSetting.max_post_length = 10
|
|
|
|
post "/posts.json",
|
|
params: {
|
|
raw: "this is the test content",
|
|
title: "this is the test title for the topic",
|
|
}
|
|
|
|
expect(response).not_to be_successful
|
|
parsed = response.parsed_body
|
|
expect(parsed["action"]).not_to eq("enqueued")
|
|
end
|
|
|
|
it "doesn't enqueue replies when the post is too long (including a html comment)" do
|
|
SiteSetting.max_post_length = 10
|
|
raw = "A post <!-- " + ("a" * 3000) + "-->"
|
|
|
|
post "/posts.json", params: { raw: raw, title: "this is the test title for the topic" }
|
|
|
|
expect(response).not_to be_successful
|
|
parsed = response.parsed_body
|
|
expect(parsed["action"]).not_to eq("enqueued")
|
|
end
|
|
end
|
|
|
|
it "silences correctly based on auto_silence_first_post_regex" do
|
|
SiteSetting.auto_silence_first_post_regex = "I love candy|i eat s[1-5]"
|
|
|
|
post "/posts.json",
|
|
params: {
|
|
raw: "this is the test content",
|
|
title: "when I eat s3 sometimes when not looking",
|
|
}
|
|
|
|
expect(response.status).to eq(200)
|
|
parsed = response.parsed_body
|
|
|
|
expect(parsed["action"]).to eq("enqueued")
|
|
reviewable = ReviewableQueuedPost.find_by(target_created_by: user)
|
|
score = reviewable.reviewable_scores.first
|
|
expect(score.reason).to eq("auto_silence_regex")
|
|
|
|
user.reload
|
|
expect(user).to be_silenced
|
|
end
|
|
|
|
it "silences correctly based on silence watched words" do
|
|
SiteSetting.watched_words_regular_expressions = true
|
|
WatchedWord.create!(action: WatchedWord.actions[:silence], word: "I love candy")
|
|
WatchedWord.create!(action: WatchedWord.actions[:silence], word: "i eat s[1-5]")
|
|
|
|
post "/posts.json",
|
|
params: {
|
|
raw: "this is the test content",
|
|
title: "when I eat s3 sometimes when not looking",
|
|
}
|
|
|
|
expect(response.status).to eq(200)
|
|
parsed = response.parsed_body
|
|
|
|
expect(parsed["action"]).to eq("enqueued")
|
|
reviewable = ReviewableQueuedPost.find_by(target_created_by: user)
|
|
score = reviewable.reviewable_scores.first
|
|
expect(score.reason).to eq("auto_silence_regex")
|
|
|
|
user.reload
|
|
expect(user).to be_silenced
|
|
end
|
|
|
|
it "can send a message to a group" do
|
|
group = Group.create(name: "test_group", messageable_level: Group::ALIAS_LEVELS[:nobody])
|
|
user1 = user
|
|
group.add(user1)
|
|
|
|
post "/posts.json",
|
|
params: {
|
|
raw: "I can haz a test",
|
|
title: "I loves my test",
|
|
target_recipients: group.name,
|
|
archetype: Archetype.private_message,
|
|
}
|
|
|
|
expect(response).not_to be_successful
|
|
|
|
# allow pm to this group
|
|
group.update_columns(messageable_level: Group::ALIAS_LEVELS[:everyone])
|
|
|
|
post "/posts.json",
|
|
params: {
|
|
raw: "I can haz a test",
|
|
title: "I loves my test",
|
|
target_recipients: "test_Group",
|
|
archetype: Archetype.private_message,
|
|
}
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
parsed = response.parsed_body
|
|
post = Post.find(parsed["id"])
|
|
|
|
expect(post.topic.topic_allowed_users.length).to eq(1)
|
|
expect(post.topic.topic_allowed_groups.length).to eq(1)
|
|
end
|
|
|
|
it "can send a message to a group with caps" do
|
|
group = Group.create(name: "Test_group", messageable_level: Group::ALIAS_LEVELS[:nobody])
|
|
user1 = user
|
|
group.add(user1)
|
|
|
|
# allow pm to this group
|
|
group.update_columns(messageable_level: Group::ALIAS_LEVELS[:everyone])
|
|
|
|
post "/posts.json",
|
|
params: {
|
|
raw: "I can haz a test",
|
|
title: "I loves my test",
|
|
target_recipients: "test_Group",
|
|
archetype: Archetype.private_message,
|
|
}
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
parsed = response.parsed_body
|
|
post = Post.find(parsed["id"])
|
|
|
|
expect(post.topic.topic_allowed_users.length).to eq(1)
|
|
expect(post.topic.topic_allowed_groups.length).to eq(1)
|
|
end
|
|
|
|
it "returns the nested post with a param" do
|
|
post "/posts.json",
|
|
params: {
|
|
raw: "this is the test content ",
|
|
title: "this is the test title for the topic",
|
|
nested_post: true,
|
|
}
|
|
|
|
expect(response.status).to eq(200)
|
|
parsed = response.parsed_body
|
|
expect(parsed["post"]).to be_present
|
|
expect(parsed["post"]["raw"]).to eq("this is the test content")
|
|
expect(parsed["post"]["cooked"]).to be_present
|
|
end
|
|
|
|
it "protects against dupes" do
|
|
raw = "this is a test post 123 #{SecureRandom.hash}"
|
|
title = "this is a title #{SecureRandom.hash}"
|
|
|
|
expect do post "/posts.json", params: { raw: raw, title: title, wpid: 1 } end.to change {
|
|
Post.count
|
|
}
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
expect do
|
|
post "/posts.json", params: { raw: raw, title: title, wpid: 2 }
|
|
end.to_not change { Post.count }
|
|
|
|
expect(response.status).to eq(422)
|
|
end
|
|
|
|
it "cannot create a post in a disallowed category" do
|
|
category.set_permissions(staff: :full)
|
|
category.save!
|
|
|
|
post "/posts.json",
|
|
params: {
|
|
raw: "this is the test content",
|
|
title: "this is the test title for the topic",
|
|
category: category.id,
|
|
}
|
|
|
|
expect(response.status).to eq(403)
|
|
end
|
|
|
|
it "cannot create a post with a tag that is restricted" do
|
|
SiteSetting.tagging_enabled = true
|
|
tag = Fabricate(:tag)
|
|
category.allowed_tags = [tag.name]
|
|
category.save!
|
|
|
|
post "/posts.json",
|
|
params: {
|
|
raw: "this is the test content",
|
|
title: "this is the test title for the topic",
|
|
tags: [tag.name],
|
|
}
|
|
|
|
expect(response.status).to eq(422)
|
|
json = response.parsed_body
|
|
expect(json["errors"]).to be_present
|
|
end
|
|
|
|
it "cannot create a post with a tag when tagging is disabled" do
|
|
SiteSetting.tagging_enabled = false
|
|
tag = Fabricate(:tag)
|
|
|
|
post "/posts.json",
|
|
params: {
|
|
raw: "this is the test content",
|
|
title: "this is the test title for the topic",
|
|
tags: [tag.name],
|
|
}
|
|
|
|
expect(response.status).to eq(422)
|
|
json = response.parsed_body
|
|
expect(json["errors"]).to be_present
|
|
end
|
|
|
|
it "cannot create a post with a tag without tagging permission" do
|
|
SiteSetting.tagging_enabled = true
|
|
SiteSetting.tag_topic_allowed_groups = Group::AUTO_GROUPS[:trust_level_4]
|
|
tag = Fabricate(:tag)
|
|
|
|
post "/posts.json",
|
|
params: {
|
|
raw: "this is the test content",
|
|
title: "this is the test title for the topic",
|
|
tags: [tag.name],
|
|
}
|
|
|
|
expect(response.status).to eq(422)
|
|
json = response.parsed_body
|
|
expect(json["errors"]).to be_present
|
|
end
|
|
|
|
it "can create a post with a tag when tagging is enabled" do
|
|
SiteSetting.tagging_enabled = true
|
|
tag = Fabricate(:tag)
|
|
|
|
post "/posts.json",
|
|
params: {
|
|
raw: "this is the test content",
|
|
title: "this is the test title for the topic",
|
|
tags: [tag.name],
|
|
}
|
|
|
|
expect(response.status).to eq(200)
|
|
expect(Post.last.topic.tags.count).to eq(1)
|
|
end
|
|
|
|
it "creates the topic and post with the right attributes" do
|
|
post "/posts.json",
|
|
params: {
|
|
raw: "this is the test content",
|
|
title: "this is the test title for the topic",
|
|
category: category.id,
|
|
}
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
new_post = Post.last
|
|
topic = new_post.topic
|
|
|
|
expect(new_post.user).to eq(user)
|
|
expect(new_post.raw).to eq("this is the test content")
|
|
expect(topic.title).to eq("This is the test title for the topic")
|
|
expect(topic.category).to eq(category)
|
|
expect(topic.visible).to eq(true)
|
|
end
|
|
|
|
context "when adding custom fields to topic via the `topic_custom_fields` param" do
|
|
it "should return a 400 response code when no custom fields has been permitted" do
|
|
sign_in(user)
|
|
|
|
post "/posts.json",
|
|
params: {
|
|
raw: "this is the test content",
|
|
title: "this is the test title for the topic",
|
|
category: category.id,
|
|
topic_custom_fields: {
|
|
xyz: "abc",
|
|
abc: "xyz",
|
|
},
|
|
}
|
|
|
|
expect(response.status).to eq(400)
|
|
expect(Topic.last.custom_fields).to eq({})
|
|
end
|
|
|
|
context "when custom fields has been permitted" do
|
|
fab!(:plugin) do
|
|
plugin = Plugin::Instance.new
|
|
plugin.register_editable_topic_custom_field(:xyz)
|
|
plugin.register_editable_topic_custom_field(:abc, staff_only: true)
|
|
plugin
|
|
end
|
|
|
|
it "should return a 400 response when trying to add a staff ony custom field for a non-staff user" do
|
|
sign_in(user)
|
|
|
|
post "/posts.json",
|
|
params: {
|
|
raw: "this is the test content",
|
|
title: "this is the test title for the topic",
|
|
category: category.id,
|
|
topic_custom_fields: {
|
|
abc: "xyz",
|
|
},
|
|
}
|
|
|
|
expect(response.status).to eq(400)
|
|
expect(Topic.last.custom_fields).to eq({})
|
|
end
|
|
|
|
it "should add custom fields to topic that is permitted for a non-staff user" do
|
|
sign_in(user)
|
|
|
|
post "/posts.json",
|
|
params: {
|
|
raw: "this is the test content",
|
|
title: "this is the test title for the topic",
|
|
category: category.id,
|
|
topic_custom_fields: {
|
|
xyz: "abc",
|
|
},
|
|
}
|
|
|
|
expect(response.status).to eq(200)
|
|
expect(Topic.last.custom_fields).to eq({ "xyz" => "abc" })
|
|
end
|
|
|
|
it "should add custom fields to topic that is permitted for a non-staff user via the deprecated `meta_data` param" do
|
|
sign_in(user)
|
|
|
|
post "/posts.json",
|
|
params: {
|
|
raw: "this is the test content",
|
|
title: "this is the test title for the topic",
|
|
category: category.id,
|
|
meta_data: {
|
|
xyz: "abc",
|
|
},
|
|
}
|
|
|
|
expect(response.status).to eq(200)
|
|
expect(Topic.last.custom_fields).to eq({ "xyz" => "abc" })
|
|
end
|
|
|
|
it "should add custom fields to topic that is permitted for a staff user and public user" do
|
|
sign_in(Fabricate(:admin))
|
|
|
|
post "/posts.json",
|
|
params: {
|
|
raw: "this is the test content",
|
|
title: "this is the test title for the topic",
|
|
category: category.id,
|
|
topic_custom_fields: {
|
|
xyz: "abc",
|
|
abc: "xyz",
|
|
},
|
|
}
|
|
|
|
expect(response.status).to eq(200)
|
|
expect(Topic.last.custom_fields).to eq({ "xyz" => "abc", "abc" => "xyz" })
|
|
end
|
|
end
|
|
end
|
|
|
|
it "can create an uncategorized topic" do
|
|
title = "this is the test title for the topic"
|
|
|
|
expect do
|
|
post "/posts.json",
|
|
params: {
|
|
raw: "this is the test content",
|
|
title: title,
|
|
category: "",
|
|
}
|
|
|
|
expect(response.status).to eq(200)
|
|
end.to change { Topic.count }.by(1)
|
|
|
|
topic = Topic.last
|
|
|
|
expect(topic.title).to eq(title.capitalize)
|
|
expect(topic.category_id).to eq(SiteSetting.uncategorized_category_id)
|
|
end
|
|
|
|
it "can create a reply to a post" do
|
|
topic = Fabricate(:private_message_post, user: user).topic
|
|
post_2 = Fabricate(:private_message_post, user: user, topic: topic)
|
|
|
|
post "/posts.json",
|
|
params: {
|
|
raw: "this is the test content",
|
|
topic_id: topic.id,
|
|
reply_to_post_number: post_2.post_number,
|
|
image_sizes: {
|
|
width: "100",
|
|
height: "200",
|
|
},
|
|
}
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
new_post = Post.last
|
|
topic = new_post.topic
|
|
|
|
expect(new_post.user).to eq(user)
|
|
expect(new_post.raw).to eq("this is the test content")
|
|
expect(new_post.reply_to_post_number).to eq(post_2.post_number)
|
|
|
|
job_args = Jobs::ProcessPost.jobs.first["args"].first
|
|
|
|
expect(job_args["image_sizes"]).to eq("width" => "100", "height" => "200")
|
|
end
|
|
|
|
it "creates a private post" do
|
|
user_2 = Fabricate(:user)
|
|
user_3 = Fabricate(:user, username: "foo_bar")
|
|
|
|
# In certain edge cases, it's possible to end up with a username
|
|
# containing characters that would normally fail to validate
|
|
user_4 = Fabricate(:user, username: "Iyi_Iyi")
|
|
user_4.update_attribute(:username, "İyi_İyi")
|
|
user_4.update_attribute(:username_lower, "İyi_İyi".downcase)
|
|
|
|
post "/posts.json",
|
|
params: {
|
|
raw: "this is the test content",
|
|
archetype: "private_message",
|
|
title: "this is some post",
|
|
target_recipients: "#{user_2.username},Foo_Bar,İyi_İyi",
|
|
}
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
new_post = Post.last
|
|
new_topic = Topic.last
|
|
|
|
expect(new_post.user).to eq(user)
|
|
expect(new_topic.private_message?).to eq(true)
|
|
expect(new_topic.allowed_users).to contain_exactly(user, user_2, user_3, user_4)
|
|
end
|
|
|
|
context "when target_recipients not provided" do
|
|
it "errors when creating a private post" do
|
|
post "/posts.json",
|
|
params: {
|
|
raw: "this is the test content",
|
|
archetype: "private_message",
|
|
title: "this is some post",
|
|
target_recipients: "",
|
|
}
|
|
|
|
expect(response.status).to eq(422)
|
|
expect(response.parsed_body["errors"]).to include(
|
|
I18n.t("activerecord.errors.models.topic.attributes.base.no_user_selected"),
|
|
)
|
|
end
|
|
end
|
|
|
|
context "when topic_id is set" do
|
|
fab!(:topic)
|
|
|
|
it "errors when creating a private post" do
|
|
user_2 = Fabricate(:user)
|
|
|
|
post "/posts.json",
|
|
params: {
|
|
raw: "this is the test content",
|
|
archetype: "private_message",
|
|
title: "this is some post",
|
|
target_recipients: user_2.username,
|
|
topic_id: topic.id,
|
|
}
|
|
|
|
expect(response.status).to eq(422)
|
|
expect(response.parsed_body["errors"]).to include(I18n.t("create_pm_on_existing_topic"))
|
|
end
|
|
end
|
|
|
|
context "with errors" do
|
|
it "does not succeed" do
|
|
post "/posts.json", params: { raw: "test" }
|
|
expect(response).not_to be_successful
|
|
expect(response.status).to eq(422)
|
|
end
|
|
|
|
it "it triggers flag_linked_posts_as_spam when the post creator returns spam" do
|
|
SiteSetting.newuser_spam_host_threshold = 1
|
|
sign_in(Fabricate(:user, trust_level: TrustLevel[0]))
|
|
|
|
post "/posts.json",
|
|
params: {
|
|
raw:
|
|
"this is the test content http://fakespamwebsite.com http://fakespamwebsite.com/spam http://fakespamwebsite.com/spammy",
|
|
title: "this is the test title for the topic",
|
|
}
|
|
|
|
expect(response.parsed_body["errors"]).to include(I18n.t(:spamming_host))
|
|
end
|
|
|
|
context "when allow_uncategorized_topics is false" do
|
|
before { SiteSetting.allow_uncategorized_topics = false }
|
|
|
|
it "cant create an uncategorized post" do
|
|
post "/posts.json",
|
|
params: {
|
|
raw: "a new post with no category",
|
|
title: "a new post with no category",
|
|
}
|
|
expect(response).not_to be_successful
|
|
end
|
|
|
|
context "as staff" do
|
|
before { sign_in(admin) }
|
|
|
|
it "cant create an uncategorized post" do
|
|
post "/posts.json",
|
|
params: {
|
|
raw: "a new post with no category",
|
|
title: "a new post with no category",
|
|
}
|
|
expect(response).not_to be_successful
|
|
end
|
|
end
|
|
end
|
|
end
|
|
|
|
context "when `enable_user_status` site setting is enabled" do
|
|
fab!(:user_to_mention) { Fabricate(:user) }
|
|
|
|
before { SiteSetting.enable_user_status = true }
|
|
|
|
it "does not return mentioned users when `enable_user_status` site setting is disabled" do
|
|
SiteSetting.enable_user_status = false
|
|
|
|
post "/posts.json",
|
|
params: {
|
|
raw: "I am mentioning @#{user_to_mention.username}",
|
|
topic_id: topic.id,
|
|
}
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
json = response.parsed_body
|
|
|
|
expect(json["mentioned_users"]).to eq(nil)
|
|
end
|
|
|
|
it "returns mentioned users" do
|
|
user_to_mention.set_status!("off to dentist", "tooth")
|
|
|
|
post "/posts.json",
|
|
params: {
|
|
raw: "I am mentioning @#{user_to_mention.username}",
|
|
topic_id: topic.id,
|
|
}
|
|
|
|
expect(response.status).to eq(200)
|
|
json = response.parsed_body
|
|
expect(json["mentioned_users"].length).to be(1)
|
|
|
|
mentioned_user = json["mentioned_users"][0]
|
|
expect(mentioned_user["id"]).to be(user_to_mention.id)
|
|
expect(mentioned_user["name"]).to eq(user_to_mention.name)
|
|
expect(mentioned_user["username"]).to eq(user_to_mention.username)
|
|
|
|
status = mentioned_user["status"]
|
|
expect(status).to be_present
|
|
expect(status["emoji"]).to eq(user_to_mention.user_status.emoji)
|
|
expect(status["description"]).to eq(user_to_mention.user_status.description)
|
|
end
|
|
|
|
it "returns an empty list of mentioned users if nobody was mentioned" do
|
|
post "/posts.json", params: { raw: "No mentions here", topic_id: topic.id }
|
|
|
|
expect(response.status).to eq(200)
|
|
expect(response.parsed_body["mentioned_users"].length).to be(0)
|
|
end
|
|
|
|
it "returns an empty list of mentioned users if an nonexistent user was mentioned" do
|
|
post "/posts.json", params: { raw: "Mentioning a @stranger", topic_id: topic.id }
|
|
|
|
expect(response.status).to eq(200)
|
|
expect(response.parsed_body["mentioned_users"].length).to be(0)
|
|
end
|
|
end
|
|
end
|
|
|
|
context "with topic unlisting" do
|
|
context "when logged in as staff" do
|
|
before { sign_in(admin) }
|
|
|
|
it "creates an unlisted topic" do
|
|
expect do
|
|
post "/posts.json",
|
|
params: {
|
|
raw: "this is the test content",
|
|
title: "this is the test title for the topic",
|
|
unlist_topic: true,
|
|
}
|
|
end.to change { Topic.count }.by(1)
|
|
|
|
expect(response.status).to eq(200)
|
|
expect(Topic.find(response.parsed_body["topic_id"]).visible).to eq(false)
|
|
end
|
|
end
|
|
|
|
context "when logged in as a non-staff user" do
|
|
before { sign_in(user) }
|
|
|
|
it "prevents creation of an unlisted topic" do
|
|
expect do
|
|
post "/posts.json",
|
|
params: {
|
|
raw: "this is the test content",
|
|
title: "this is the test title for the topic",
|
|
unlist_topic: true,
|
|
}
|
|
end.not_to change { Topic.count }
|
|
|
|
expect(response.status).to eq(422)
|
|
expect(response.parsed_body["errors"]).to include(
|
|
I18n.t("activerecord.errors.models.topic.attributes.base.unable_to_unlist"),
|
|
)
|
|
end
|
|
end
|
|
end
|
|
|
|
describe "shared draft" do
|
|
fab!(:destination_category) { Fabricate(:category) }
|
|
|
|
it "will raise an error for regular users" do
|
|
post "/posts.json",
|
|
params: {
|
|
raw: "this is the shared draft content",
|
|
title: "this is the shared draft title",
|
|
category: destination_category.id,
|
|
shared_draft: "true",
|
|
}
|
|
expect(response).not_to be_successful
|
|
end
|
|
|
|
describe "as a staff user" do
|
|
before { sign_in(moderator) }
|
|
|
|
it "will raise an error if there is no shared draft category" do
|
|
post "/posts.json",
|
|
params: {
|
|
raw: "this is the shared draft content",
|
|
title: "this is the shared draft title",
|
|
category: destination_category.id,
|
|
shared_draft: "true",
|
|
}
|
|
expect(response).not_to be_successful
|
|
end
|
|
|
|
context "with a shared category" do
|
|
fab!(:shared_category) { Fabricate(:category) }
|
|
before { SiteSetting.shared_drafts_category = shared_category.id }
|
|
|
|
it "will work if the shared draft category is present" do
|
|
post "/posts.json",
|
|
params: {
|
|
raw: "this is the shared draft content",
|
|
title: "this is the shared draft title",
|
|
category: destination_category.id,
|
|
shared_draft: "true",
|
|
}
|
|
expect(response.status).to eq(200)
|
|
result = response.parsed_body
|
|
topic = Topic.find(result["topic_id"])
|
|
expect(topic.category_id).to eq(shared_category.id)
|
|
expect(topic.shared_draft.category_id).to eq(destination_category.id)
|
|
end
|
|
end
|
|
end
|
|
end
|
|
|
|
describe "warnings" do
|
|
fab!(:user_2) { Fabricate(:user, refresh_auto_groups: true) }
|
|
|
|
context "as a staff user" do
|
|
before { sign_in(admin) }
|
|
|
|
it "should be able to mark a topic as warning" do
|
|
post "/posts.json",
|
|
params: {
|
|
raw: "this is the test content",
|
|
archetype: "private_message",
|
|
title: "this is some post",
|
|
target_recipients: user_2.username,
|
|
is_warning: true,
|
|
}
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
new_topic = Topic.last
|
|
|
|
expect(new_topic.title).to eq("This is some post")
|
|
expect(new_topic.is_official_warning?).to eq(true)
|
|
end
|
|
|
|
it "should be able to mark a topic as not a warning" do
|
|
post "/posts.json",
|
|
params: {
|
|
raw: "this is the test content",
|
|
archetype: "private_message",
|
|
title: "this is some post",
|
|
target_recipients: user_2.username,
|
|
is_warning: false,
|
|
}
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
new_topic = Topic.last
|
|
|
|
expect(new_topic.title).to eq("This is some post")
|
|
expect(new_topic.is_official_warning?).to eq(false)
|
|
end
|
|
end
|
|
|
|
context "as a normal user" do
|
|
it "should not be able to mark a topic as warning" do
|
|
sign_in(user)
|
|
post "/posts.json",
|
|
params: {
|
|
raw: "this is the test content",
|
|
archetype: "private_message",
|
|
title: "this is some post",
|
|
target_recipients: user_2.username,
|
|
is_warning: true,
|
|
}
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
new_topic = Topic.last
|
|
|
|
expect(new_topic.title).to eq("This is some post")
|
|
expect(new_topic.is_official_warning?).to eq(false)
|
|
end
|
|
end
|
|
end
|
|
|
|
context "with topic bump" do
|
|
shared_examples "it works" do
|
|
it "should be able to skip topic bumping" do
|
|
original_bumped_at = 1.day.ago
|
|
topic = Fabricate(:topic, bumped_at: original_bumped_at)
|
|
|
|
post "/posts.json",
|
|
params: {
|
|
raw: "this is the test content",
|
|
topic_id: topic.id,
|
|
no_bump: true,
|
|
}
|
|
|
|
expect(response.status).to eq(200)
|
|
expect(topic.reload.bumped_at).to eq_time(original_bumped_at)
|
|
end
|
|
|
|
it "should be able to post with topic bumping" do
|
|
post "/posts.json", params: { raw: "this is the test content", topic_id: topic.id }
|
|
|
|
expect(response.status).to eq(200)
|
|
expect(topic.reload.bumped_at).to eq_time(topic.posts.last.created_at)
|
|
end
|
|
end
|
|
|
|
context "with admins" do
|
|
before { sign_in(admin) }
|
|
|
|
include_examples "it works"
|
|
end
|
|
|
|
context "with moderators" do
|
|
before { sign_in(moderator) }
|
|
|
|
include_examples "it works"
|
|
end
|
|
|
|
context "with TL4 users" do
|
|
fab!(:trust_level_4)
|
|
|
|
before { sign_in(trust_level_4) }
|
|
|
|
include_examples "it works"
|
|
end
|
|
|
|
context "with users" do
|
|
fab!(:topic)
|
|
|
|
[:user].each do |user|
|
|
it "will raise an error for #{user}" do
|
|
sign_in(Fabricate(user))
|
|
post "/posts.json",
|
|
params: {
|
|
raw: "this is the test content",
|
|
topic_id: topic.id,
|
|
no_bump: true,
|
|
}
|
|
expect(response.status).to eq(400)
|
|
end
|
|
end
|
|
end
|
|
end
|
|
|
|
context "with featured links" do
|
|
it "allows to create topics with featured links" do
|
|
sign_in(user_trust_level_1)
|
|
|
|
post "/posts.json",
|
|
params: {
|
|
title: "this is the test title for the topic",
|
|
raw: "this is the test content",
|
|
featured_link: "https://discourse.org",
|
|
}
|
|
|
|
expect(response.status).to eq(200)
|
|
end
|
|
|
|
it "doesn't allow TL0 users to create topics with featured links" do
|
|
sign_in(user_trust_level_0)
|
|
|
|
post "/posts.json",
|
|
params: {
|
|
title: "this is the test title for the topic",
|
|
raw: "this is the test content",
|
|
featured_link: "https://discourse.org",
|
|
}
|
|
|
|
expect(response.status).to eq(422)
|
|
end
|
|
|
|
it "doesn't allow to create topics with featured links if featured links are disabled in settings" do
|
|
SiteSetting.topic_featured_link_enabled = false
|
|
sign_in(user_trust_level_1)
|
|
|
|
post "/posts.json",
|
|
params: {
|
|
title: "this is the test title for the topic",
|
|
raw: "this is the test content",
|
|
featured_link: "https://discourse.org",
|
|
}
|
|
|
|
expect(response.status).to eq(422)
|
|
end
|
|
|
|
it "doesn't allow to create topics with featured links in the category with forbidden feature links" do
|
|
category = Fabricate(:category, topic_featured_link_allowed: false)
|
|
sign_in(user_trust_level_1)
|
|
|
|
post "/posts.json",
|
|
params: {
|
|
title: "this is the test title for the topic",
|
|
raw: "this is the test content",
|
|
featured_link: "https://discourse.org",
|
|
category: category.id,
|
|
}
|
|
|
|
expect(response.status).to eq(422)
|
|
end
|
|
end
|
|
end
|
|
|
|
describe "#revisions" do
|
|
fab!(:post) { Fabricate(:post, version: 2) }
|
|
let(:post_revision) { Fabricate(:post_revision, post: post) }
|
|
|
|
it "throws an exception when revision is < 2" do
|
|
get "/posts/#{post.id}/revisions/1.json"
|
|
expect(response.status).to eq(400)
|
|
end
|
|
|
|
context "when edit history is not visible to the public" do
|
|
before { SiteSetting.edit_history_visible_to_public = false }
|
|
|
|
it "ensures anonymous cannot see the revisions" do
|
|
get "/posts/#{post.id}/revisions/#{post_revision.number}.json"
|
|
expect(response).to be_forbidden
|
|
end
|
|
|
|
it "ensures regular user cannot see the revisions" do
|
|
sign_in(user)
|
|
get "/posts/#{post.id}/revisions/#{post_revision.number}.json"
|
|
expect(response).to be_forbidden
|
|
end
|
|
|
|
it "ensures staff can see the revisions" do
|
|
sign_in(admin)
|
|
get "/posts/#{post.id}/revisions/#{post_revision.number}.json"
|
|
expect(response.status).to eq(200)
|
|
end
|
|
|
|
it "ensures poster can see the revisions" do
|
|
user = Fabricate(:active_user)
|
|
sign_in(user)
|
|
|
|
post = Fabricate(:post, user: user, version: 3)
|
|
pr = Fabricate(:post_revision, user: user, post: post)
|
|
|
|
get "/posts/#{pr.post_id}/revisions/#{pr.number}.json"
|
|
expect(response.status).to eq(200)
|
|
end
|
|
|
|
it "ensures trust level 4 cannot see the revisions" do
|
|
sign_in(Fabricate(:user, trust_level: 4))
|
|
get "/posts/#{post_revision.post_id}/revisions/#{post_revision.number}.json"
|
|
expect(response.status).to eq(403)
|
|
end
|
|
end
|
|
|
|
context "when the history on a specific post is hidden" do
|
|
it "works when hiding a revision" do
|
|
sign_in(admin)
|
|
|
|
message =
|
|
MessageBus
|
|
.track_publish("/topic/#{post.topic.id}") do
|
|
put "/posts/#{post_revision.post_id}/revisions/#{post_revision.number}/hide"
|
|
end
|
|
.first
|
|
|
|
expect(response.status).to eq(200)
|
|
expect(message.data[:type]).to eq(:revised)
|
|
expect(message.data[:version]).to eq(2)
|
|
expect(post_revision.reload[:hidden]).to eq(true)
|
|
end
|
|
|
|
it "works when showing a revision" do
|
|
post_revision.update!(hidden: true)
|
|
sign_in(admin)
|
|
|
|
message =
|
|
MessageBus
|
|
.track_publish("/topic/#{post.topic.id}") do
|
|
put "/posts/#{post_revision.post_id}/revisions/#{post_revision.number}/show"
|
|
end
|
|
.first
|
|
|
|
expect(response.status).to eq(200)
|
|
expect(message.data[:type]).to eq(:revised)
|
|
expect(message.data[:version]).to eq(2)
|
|
expect(post_revision.reload[:hidden]).to eq(false)
|
|
end
|
|
end
|
|
|
|
context "when post is hidden" do
|
|
before do
|
|
post.hidden = true
|
|
post.save
|
|
end
|
|
|
|
it "throws an exception for users" do
|
|
sign_in(user)
|
|
get "/posts/#{post.id}/revisions/#{post_revision.number}.json"
|
|
expect(response.status).to eq(403)
|
|
end
|
|
|
|
it "works for admins" do
|
|
sign_in(admin)
|
|
get "/posts/#{post.id}/revisions/#{post_revision.number}.json"
|
|
expect(response.status).to eq(200)
|
|
end
|
|
end
|
|
|
|
context "when edit history is visible to everyone" do
|
|
before { SiteSetting.edit_history_visible_to_public = true }
|
|
|
|
it "ensures anyone can see the revisions" do
|
|
get "/posts/#{post_revision.post_id}/revisions/#{post_revision.number}.json"
|
|
expect(response.status).to eq(200)
|
|
end
|
|
end
|
|
|
|
context "with deleted post" do
|
|
fab!(:deleted_post) { Fabricate(:post, user: admin, version: 3) }
|
|
fab!(:deleted_post_revision) { Fabricate(:post_revision, user: admin, post: deleted_post) }
|
|
|
|
before { deleted_post.trash!(admin) }
|
|
|
|
it "also work on deleted post" do
|
|
sign_in(admin)
|
|
get "/posts/#{deleted_post_revision.post_id}/revisions/#{deleted_post_revision.number}.json"
|
|
expect(response.status).to eq(200)
|
|
end
|
|
end
|
|
|
|
context "with deleted topic" do
|
|
fab!(:deleted_topic) { Fabricate(:topic, user: admin) }
|
|
fab!(:post) { Fabricate(:post, user: admin, topic: deleted_topic, version: 3) }
|
|
fab!(:post_revision) { Fabricate(:post_revision, user: admin, post: post) }
|
|
|
|
before { deleted_topic.trash!(admin) }
|
|
|
|
it "also work on deleted topic" do
|
|
sign_in(admin)
|
|
get "/posts/#{post_revision.post_id}/revisions/#{post_revision.number}.json"
|
|
expect(response.status).to eq(200)
|
|
end
|
|
end
|
|
|
|
context "with a tagged topic" do
|
|
let(:tag) { Fabricate(:tag) }
|
|
it "works" do
|
|
SiteSetting.tagging_enabled = true
|
|
|
|
post_revision.post.topic.update(tags: [tag])
|
|
|
|
get "/posts/#{post_revision.post_id}/revisions/latest.json"
|
|
expect(response.status).to eq(200)
|
|
|
|
SiteSetting.tagging_enabled = false
|
|
|
|
get "/posts/#{post_revision.post_id}/revisions/latest.json"
|
|
expect(response.status).to eq(200)
|
|
end
|
|
end
|
|
end
|
|
|
|
describe "#permanently_delete_revisions" do
|
|
before { SiteSetting.can_permanently_delete = true }
|
|
|
|
fab!(:post) do
|
|
Fabricate(
|
|
:post,
|
|
user: Fabricate(:user),
|
|
raw: "Lorem ipsum dolor sit amet, cu nam libris tractatos, ancillae senserit ius ex",
|
|
)
|
|
end
|
|
|
|
fab!(:post_with_no_revisions) do
|
|
Fabricate(
|
|
:post,
|
|
user: Fabricate(:user),
|
|
raw: "Lorem ipsum dolor sit amet, cu nam libris tractatos, ancillae senserit ius ex",
|
|
)
|
|
end
|
|
|
|
fab!(:post_revision) { Fabricate(:post_revision, post: post) }
|
|
fab!(:post_revision_2) { Fabricate(:post_revision, post: post) }
|
|
|
|
let(:post_id) { post.id }
|
|
|
|
describe "when logged in as a regular user" do
|
|
it "does not delete revisions" do
|
|
sign_in(user)
|
|
delete "/posts/#{post_id}/revisions/permanently_delete.json"
|
|
expect(response).to_not be_successful
|
|
end
|
|
end
|
|
|
|
describe "when logged in as staff" do
|
|
before { sign_in(admin) }
|
|
|
|
it "fails when post record is not found" do
|
|
delete "/posts/#{post_id + 1}/revisions/permanently_delete.json"
|
|
expect(response).to_not be_successful
|
|
end
|
|
|
|
it "fails when no post revisions are found" do
|
|
delete "/posts/#{post_with_no_revisions.id}/revisions/permanently_delete.json"
|
|
expect(response).to_not be_successful
|
|
end
|
|
|
|
it "fails when 'can_permanently_delete' setting is false" do
|
|
SiteSetting.can_permanently_delete = false
|
|
delete "/posts/#{post_id}/revisions/permanently_delete.json"
|
|
expect(response).to_not be_successful
|
|
end
|
|
|
|
it "permanently deletes revisions from post and adds a staff log" do
|
|
delete "/posts/#{post_id}/revisions/permanently_delete.json"
|
|
expect(response.status).to eq(200)
|
|
|
|
# It creates a staff log
|
|
logs =
|
|
UserHistory.find_by(
|
|
action: UserHistory.actions[:permanently_delete_post_revisions],
|
|
acting_user_id: admin.id,
|
|
post_id: post_id,
|
|
)
|
|
expect(logs).to be_present
|
|
|
|
# ensure post revisions are deleted
|
|
expect(PostRevision.where(post: post)).to eq([])
|
|
end
|
|
end
|
|
end
|
|
|
|
describe "#revert" do
|
|
include_examples "action requires login", :put, "/posts/123/revisions/2/revert.json"
|
|
|
|
fab!(:post) do
|
|
Fabricate(
|
|
:post,
|
|
user: Fabricate(:user),
|
|
raw: "Lorem ipsum dolor sit amet, cu nam libris tractatos, ancillae senserit ius ex",
|
|
)
|
|
end
|
|
let(:post_revision) do
|
|
Fabricate(
|
|
:post_revision,
|
|
post: post,
|
|
modifications: {
|
|
"raw" => ["this is original post body.", "this is edited post body."],
|
|
},
|
|
)
|
|
end
|
|
let(:blank_post_revision) do
|
|
Fabricate(
|
|
:post_revision,
|
|
post: post,
|
|
modifications: {
|
|
"edit_reason" => ["edit reason #1", "edit reason #2"],
|
|
},
|
|
)
|
|
end
|
|
let(:same_post_revision) do
|
|
Fabricate(
|
|
:post_revision,
|
|
post: post,
|
|
modifications: {
|
|
"raw" => [
|
|
"Lorem ipsum dolor sit amet, cu nam libris tractatos, ancillae senserit ius ex",
|
|
"this is edited post body.",
|
|
],
|
|
},
|
|
)
|
|
end
|
|
|
|
let(:post_id) { post.id }
|
|
let(:revision_id) { post_revision.number }
|
|
|
|
describe "when logged in as a regular user" do
|
|
it "does not work" do
|
|
sign_in(user)
|
|
put "/posts/#{post_id}/revisions/#{revision_id}/revert.json"
|
|
expect(response).to_not be_successful
|
|
end
|
|
end
|
|
|
|
describe "when logged in as staff" do
|
|
before { sign_in(moderator) }
|
|
|
|
it "fails when revision is < 2" do
|
|
put "/posts/#{post_id}/revisions/1/revert.json"
|
|
expect(response.status).to eq(400)
|
|
end
|
|
|
|
it "fails when post_revision record is not found" do
|
|
put "/posts/#{post_id}/revisions/#{revision_id + 1}/revert.json"
|
|
expect(response).to_not be_successful
|
|
end
|
|
|
|
it "fails when post record is not found" do
|
|
put "/posts/#{post_id + 1}/revisions/#{revision_id}/revert.json"
|
|
expect(response).to_not be_successful
|
|
end
|
|
|
|
it "fails when revision is blank" do
|
|
put "/posts/#{post_id}/revisions/#{blank_post_revision.number}/revert.json"
|
|
expect(response.status).to eq(422)
|
|
expect(response.parsed_body["errors"]).to include(I18n.t("revert_version_same"))
|
|
end
|
|
|
|
it "fails when revised version is same as current version" do
|
|
put "/posts/#{post_id}/revisions/#{same_post_revision.number}/revert.json"
|
|
expect(response.status).to eq(422)
|
|
expect(response.parsed_body["errors"]).to include(I18n.t("revert_version_same"))
|
|
end
|
|
|
|
it "works!" do
|
|
put "/posts/#{post_id}/revisions/#{revision_id}/revert.json"
|
|
expect(response.status).to eq(200)
|
|
end
|
|
|
|
it "supports reverting posts in deleted topics" do
|
|
first_post = post.topic.ordered_posts.first
|
|
PostDestroyer.new(moderator, first_post).destroy
|
|
|
|
put "/posts/#{post_id}/revisions/#{revision_id}/revert.json"
|
|
expect(response.status).to eq(200)
|
|
end
|
|
end
|
|
end
|
|
|
|
describe "#expand_embed" do
|
|
before { sign_in(user) }
|
|
|
|
fab!(:post)
|
|
|
|
it "raises an error when you can't see the post" do
|
|
post = Fabricate(:private_message_post)
|
|
get "/posts/#{post.id}/expand-embed.json"
|
|
expect(response).not_to be_successful
|
|
end
|
|
|
|
it "retrieves the body when you can see the post" do
|
|
TopicEmbed.expects(:expanded_for).with(post).returns("full content")
|
|
get "/posts/#{post.id}/expand-embed.json"
|
|
expect(response.status).to eq(200)
|
|
expect(response.parsed_body["cooked"]).to eq("full content")
|
|
end
|
|
end
|
|
|
|
describe "#deleted_posts" do
|
|
include_examples "action requires login", :get, "/posts/system/deleted.json"
|
|
|
|
describe "when logged in" do
|
|
it "raises an error if the user doesn't have permission to see the deleted posts" do
|
|
sign_in(user)
|
|
get "/posts/system/deleted.json"
|
|
expect(response).to be_forbidden
|
|
end
|
|
|
|
describe "when limit params is invalid" do
|
|
before { sign_in(moderator) }
|
|
|
|
include_examples "invalid limit params",
|
|
"/posts/system/deleted.json",
|
|
described_class::DELETED_POSTS_MAX_LIMIT
|
|
end
|
|
|
|
it "can see the deleted posts when authorized" do
|
|
sign_in(moderator)
|
|
get "/posts/system/deleted.json"
|
|
expect(response.status).to eq(200)
|
|
end
|
|
|
|
it "does not raise if topic has been permanently deleted" do
|
|
post = Fabricate(:post, user: admin)
|
|
PostDestroyer.new(admin, post).destroy
|
|
post.update!(topic_id: -1000)
|
|
|
|
sign_in(admin)
|
|
get "/posts/#{admin.username}/deleted.json"
|
|
expect(response.status).to eq(200)
|
|
end
|
|
|
|
it "doesn't return secured categories for moderators if they don't have access" do
|
|
Fabricate(:moderator)
|
|
|
|
group = Fabricate(:group)
|
|
group.add_owner(user)
|
|
|
|
secured_category = Fabricate(:private_category, group: group)
|
|
secured_post = create_post(user: user, category: secured_category)
|
|
PostDestroyer.new(admin, secured_post).destroy
|
|
|
|
sign_in(moderator)
|
|
get "/posts/#{user.username}/deleted.json"
|
|
expect(response.status).to eq(200)
|
|
|
|
data = response.parsed_body
|
|
expect(data.length).to eq(0)
|
|
end
|
|
|
|
it "doesn't return PMs for moderators" do
|
|
Fabricate(:moderator)
|
|
|
|
pm_post =
|
|
create_post(user: user, archetype: "private_message", target_usernames: [admin.username])
|
|
PostDestroyer.new(admin, pm_post).destroy
|
|
|
|
sign_in(moderator)
|
|
get "/posts/#{user.username}/deleted.json"
|
|
expect(response.status).to eq(200)
|
|
|
|
data = response.parsed_body
|
|
expect(data.length).to eq(0)
|
|
end
|
|
|
|
it "only shows posts deleted by other users" do
|
|
create_post(user: user)
|
|
post_deleted_by_user = create_post(user: user)
|
|
post_deleted_by_admin = create_post(user: user)
|
|
|
|
PostDestroyer.new(user, post_deleted_by_user).destroy
|
|
PostDestroyer.new(admin, post_deleted_by_admin).destroy
|
|
|
|
sign_in(admin)
|
|
get "/posts/#{user.username}/deleted.json"
|
|
expect(response.status).to eq(200)
|
|
|
|
data = response.parsed_body
|
|
expect(data.length).to eq(1)
|
|
expect(data[0]["id"]).to eq(post_deleted_by_admin.id)
|
|
expect(data[0]["deleted_by"]["id"]).to eq(admin.id)
|
|
end
|
|
end
|
|
end
|
|
|
|
describe "#markdown_id" do
|
|
it "can be viewed by anonymous" do
|
|
post = Fabricate(:post, raw: "123456789")
|
|
get "/posts/#{post.id}/raw.json"
|
|
expect(response.status).to eq(200)
|
|
expect(response.body).to eq("123456789")
|
|
end
|
|
|
|
it "renders a 404 page" do
|
|
get "/posts/0/raw"
|
|
expect(response.status).to eq(404)
|
|
expect(response.body).to include(I18n.t("page_not_found.title"))
|
|
end
|
|
end
|
|
|
|
describe "#markdown_num" do
|
|
it "can be viewed by anonymous" do
|
|
topic = Fabricate(:topic)
|
|
post = Fabricate(:post, topic: topic, post_number: 1, raw: "123456789")
|
|
post.save
|
|
get "/raw/#{topic.id}/1.json"
|
|
expect(response.status).to eq(200)
|
|
expect(response.body).to eq("123456789")
|
|
end
|
|
|
|
it "can show whole topics" do
|
|
topic = Fabricate(:topic)
|
|
post = Fabricate(:post, topic: topic, post_number: 1, raw: "123456789")
|
|
_post_2 = Fabricate(:post, topic: topic, post_number: 2, raw: "abcdefghij")
|
|
post.save
|
|
get "/raw/#{topic.id}"
|
|
expect(response.status).to eq(200)
|
|
expect(response.body).to include("123456789", "abcdefghij")
|
|
end
|
|
end
|
|
|
|
describe "#short_link" do
|
|
fab!(:topic)
|
|
fab!(:post) { Fabricate(:post, topic: topic) }
|
|
|
|
it "redirects to the topic" do
|
|
get "/p/#{post.id}.json"
|
|
expect(response).to be_redirect
|
|
end
|
|
|
|
it "returns a 403 when access is denied for JSON format" do
|
|
post = Fabricate(:private_message_post)
|
|
get "/p/#{post.id}.json"
|
|
expect(response).to be_forbidden
|
|
end
|
|
|
|
it "returns a 403 when access is denied for HTML format" do
|
|
post = Fabricate(:private_message_post)
|
|
get "/p/#{post.id}"
|
|
expect(response).to be_forbidden
|
|
expect(response.body).to have_tag("body.no-ember")
|
|
end
|
|
|
|
it "renders a 404 page" do
|
|
get "/p/0"
|
|
expect(response.status).to eq(404)
|
|
expect(response.body).to include(I18n.t("page_not_found.title"))
|
|
end
|
|
end
|
|
|
|
describe "#user_posts_feed" do
|
|
it "returns public posts rss feed" do
|
|
public_post
|
|
private_post
|
|
|
|
get "/u/#{user.username}/activity.rss"
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
body = response.body
|
|
|
|
expect(body).to_not include(private_post.url)
|
|
expect(body).to include(public_post.url)
|
|
end
|
|
|
|
it "doesn't include posts from hidden topics" do
|
|
public_post.topic.update!(visible: false)
|
|
|
|
get "/u/#{user.username}/activity.rss"
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
body = response.body
|
|
expect(body).not_to include(public_post.url)
|
|
end
|
|
|
|
it "excludes small actions" do
|
|
small_action = Fabricate(:small_action, user: user)
|
|
|
|
get "/u/#{user.username}/activity.rss"
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
body = response.body
|
|
|
|
expect(body).not_to include(small_action.canonical_url)
|
|
end
|
|
|
|
it "returns public posts as JSON" do
|
|
public_post
|
|
private_post
|
|
|
|
get "/u/#{user.username}/activity.json"
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
body = response.body
|
|
|
|
expect(body).to_not include(private_post.topic.slug)
|
|
expect(body).to include(public_post.topic.slug)
|
|
end
|
|
|
|
it "returns 404 if `hide_profile_and_presence` user option is checked" do
|
|
user.user_option.update_columns(hide_profile_and_presence: true)
|
|
|
|
get "/u/#{user.username}/activity.rss"
|
|
expect(response.status).to eq(404)
|
|
|
|
get "/u/#{user.username}/activity.json"
|
|
expect(response.status).to eq(404)
|
|
end
|
|
|
|
it "succeeds when `allow_users_to_hide_profile` is false" do
|
|
user.user_option.update_columns(hide_profile_and_presence: true)
|
|
SiteSetting.allow_users_to_hide_profile = false
|
|
|
|
get "/u/#{user.username}/activity.rss"
|
|
expect(response.status).to eq(200)
|
|
|
|
get "/u/#{user.username}/activity.json"
|
|
expect(response.status).to eq(200)
|
|
end
|
|
end
|
|
|
|
describe "#latest" do
|
|
context "with private posts" do
|
|
describe "when not logged in" do
|
|
it "should return the right response" do
|
|
Fabricate(:post)
|
|
|
|
get "/private-posts.rss"
|
|
|
|
expect(response.status).to eq(404)
|
|
|
|
expect(response.body).to have_tag("input", with: { value: "private_posts" })
|
|
end
|
|
end
|
|
|
|
it "returns private posts rss feed" do
|
|
sign_in(admin)
|
|
|
|
public_post
|
|
private_post
|
|
get "/private-posts.rss"
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
body = response.body
|
|
|
|
expect(body).to include(private_post.url)
|
|
expect(body).to_not include(public_post.url)
|
|
end
|
|
|
|
it "properly secures private posts" do
|
|
sign_in(user)
|
|
|
|
private_post
|
|
|
|
pm = Fabricate(:private_message_topic, recipient: user)
|
|
post_id = Fabricate(:post, topic: pm).id
|
|
|
|
get "/private-posts.json"
|
|
expect(response.status).to eq(200)
|
|
|
|
json = response.parsed_body
|
|
post_ids = json["private_posts"].map { |p| p["id"] }
|
|
|
|
expect(post_ids).to eq([post_id])
|
|
end
|
|
|
|
it "returns private posts for json" do
|
|
sign_in(admin)
|
|
|
|
public_post
|
|
private_post
|
|
get "/private-posts.json"
|
|
expect(response.status).to eq(200)
|
|
|
|
json = response.parsed_body
|
|
post_ids = json["private_posts"].map { |p| p["id"] }
|
|
|
|
expect(post_ids).to include private_post.id
|
|
expect(post_ids).to_not include public_post.id
|
|
end
|
|
end
|
|
|
|
context "with public posts" do
|
|
it "returns public posts with topic rss feed" do
|
|
public_post
|
|
private_post
|
|
|
|
get "/posts.rss"
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
body = response.body
|
|
|
|
# we cache in redis, in rare cases this can cause a flaky test
|
|
PostsHelper.clear_canonical_cache!(public_post)
|
|
|
|
expect(body).to include(public_post.canonical_url)
|
|
expect(body).to_not include(private_post.url)
|
|
end
|
|
|
|
it "doesn't include posts from secured categories you have no access to" do
|
|
public_post
|
|
private_post
|
|
|
|
category = Fabricate(:category, read_restricted: true)
|
|
topic = Fabricate(:topic, category: category)
|
|
secure_post = Fabricate(:post, topic: topic)
|
|
|
|
get "/posts.json"
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
body = response.parsed_body
|
|
ids = body["latest_posts"].map { |p| p["id"] }
|
|
|
|
expect(ids).not_to include secure_post.id
|
|
end
|
|
|
|
it "doesn't include posts from hidden topics" do
|
|
public_post.topic.update!(visible: false)
|
|
|
|
get "/posts.rss"
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
body = response.body
|
|
|
|
# we cache in redis, in rare cases this can cause a flaky test
|
|
PostsHelper.clear_canonical_cache!(public_post)
|
|
|
|
expect(body).not_to include(public_post.canonical_url)
|
|
end
|
|
|
|
it "excludes small actions" do
|
|
small_action = Fabricate(:small_action)
|
|
|
|
get "/posts.rss"
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
body = response.body
|
|
|
|
expect(body).not_to include(small_action.canonical_url)
|
|
end
|
|
|
|
it "returns public posts with topic for json" do
|
|
topicless_post.update topic_id: -100
|
|
|
|
public_post
|
|
private_post
|
|
topicless_post
|
|
|
|
get "/posts.json"
|
|
expect(response.status).to eq(200)
|
|
|
|
json = response.parsed_body
|
|
post_ids = json["latest_posts"].map { |p| p["id"] }
|
|
|
|
expect(post_ids).to include public_post.id
|
|
expect(post_ids).to_not include private_post.id
|
|
expect(post_ids).to_not include topicless_post.id
|
|
end
|
|
end
|
|
end
|
|
|
|
describe "#cooked" do
|
|
it "returns the cooked content" do
|
|
post = Fabricate(:post, cooked: "WAt")
|
|
get "/posts/#{post.id}/cooked.json"
|
|
|
|
expect(response.status).to eq(200)
|
|
json = response.parsed_body
|
|
|
|
expect(json).to be_present
|
|
expect(json["cooked"]).to eq("WAt")
|
|
end
|
|
end
|
|
|
|
describe "#raw_email" do
|
|
include_examples "action requires login", :get, "/posts/2/raw-email.json"
|
|
|
|
describe "when logged in" do
|
|
let(:post) do
|
|
Fabricate(
|
|
:post,
|
|
deleted_at: 2.hours.ago,
|
|
user: Fabricate(:user),
|
|
raw_email: "email_content",
|
|
)
|
|
end
|
|
|
|
it "returns 403 when trying to view raw as user that created the post" do
|
|
sign_in(post.user)
|
|
|
|
get "/posts/#{post.id}/raw-email.json"
|
|
expect(response.status).to eq(403)
|
|
end
|
|
|
|
it "returns 403 when trying to view raw email as a normal user" do
|
|
sign_in(user)
|
|
|
|
get "/posts/#{post.id}/raw-email.json"
|
|
expect(response.status).to eq(403)
|
|
end
|
|
|
|
it "can view raw email if the user is in the allowed group" do
|
|
sign_in(user)
|
|
SiteSetting.view_raw_email_allowed_groups = "trust_level_0"
|
|
|
|
get "/posts/#{post.id}/raw-email.json"
|
|
expect(response.status).to eq(200)
|
|
|
|
json = response.parsed_body
|
|
expect(json["raw_email"]).to eq("email_content")
|
|
end
|
|
|
|
it "can view raw email" do
|
|
sign_in(moderator)
|
|
|
|
get "/posts/#{post.id}/raw-email.json"
|
|
expect(response.status).to eq(200)
|
|
|
|
json = response.parsed_body
|
|
expect(json["raw_email"]).to eq("email_content")
|
|
end
|
|
end
|
|
end
|
|
|
|
describe "#locked" do
|
|
before { sign_in(moderator) }
|
|
|
|
it "can lock and unlock the post" do
|
|
put "/posts/#{public_post.id}/locked.json", params: { locked: "true" }
|
|
expect(response.status).to eq(200)
|
|
public_post.reload
|
|
expect(public_post).to be_locked
|
|
|
|
put "/posts/#{public_post.id}/locked.json", params: { locked: "false" }
|
|
expect(response.status).to eq(200)
|
|
public_post.reload
|
|
expect(public_post).not_to be_locked
|
|
end
|
|
end
|
|
|
|
describe "#notice" do
|
|
it "can create and remove notices as a moderator" do
|
|
sign_in(moderator)
|
|
|
|
raw_notice = "Hello *world*!\n\nhttps://github.com/discourse/discourse"
|
|
put "/posts/#{public_post.id}/notice.json", params: { notice: raw_notice }
|
|
|
|
expect(response.status).to eq(200)
|
|
expect(public_post.reload.custom_fields[Post::NOTICE]).to eq(
|
|
"type" => Post.notices[:custom],
|
|
"raw" => raw_notice,
|
|
"cooked" => PrettyText.cook(raw_notice, features: { onebox: false }),
|
|
)
|
|
expect(UserHistory.where(action: UserHistory.actions[:post_staff_note_create]).count).to eq(1)
|
|
|
|
put "/posts/#{public_post.id}/notice.json", params: { notice: nil }
|
|
|
|
expect(response.status).to eq(200)
|
|
expect(public_post.reload.custom_fields[Post::NOTICE]).to eq(nil)
|
|
expect(UserHistory.where(action: UserHistory.actions[:post_staff_note_destroy]).count).to eq(
|
|
1,
|
|
)
|
|
end
|
|
|
|
describe "group moderators" do
|
|
fab!(:group_user)
|
|
let(:user) { group_user.user }
|
|
let(:group) { group_user.group }
|
|
|
|
before do
|
|
SiteSetting.enable_category_group_moderation = true
|
|
Fabricate(:category_moderation_group, category: topic.category, group:)
|
|
|
|
sign_in(user)
|
|
end
|
|
|
|
it "can create and remove notices as a group moderator" do
|
|
raw_notice = "Hello *world*!\n\nhttps://github.com/discourse/discourse"
|
|
put "/posts/#{public_post.id}/notice.json", params: { notice: raw_notice }
|
|
|
|
expect(response.status).to eq(200)
|
|
expect(public_post.reload.custom_fields[Post::NOTICE]).to eq(
|
|
"type" => Post.notices[:custom],
|
|
"raw" => raw_notice,
|
|
"cooked" => PrettyText.cook(raw_notice, features: { onebox: false }),
|
|
)
|
|
|
|
put "/posts/#{public_post.id}/notice.json", params: { notice: nil }
|
|
|
|
expect(response.status).to eq(200)
|
|
expect(public_post.reload.custom_fields[Post::NOTICE]).to eq(nil)
|
|
end
|
|
|
|
it "prevents a group moderator from altering notes outside of their category" do
|
|
topic.category.category_moderation_groups.where(group:).delete_all
|
|
|
|
put "/posts/#{public_post.id}/notice.json", params: { notice: "Hello" }
|
|
|
|
expect(response.status).to eq(404)
|
|
end
|
|
|
|
it "prevents a normal user from altering notes" do
|
|
group_user.destroy!
|
|
put "/posts/#{public_post.id}/notice.json", params: { notice: "Hello" }
|
|
|
|
expect(response.status).to eq(404)
|
|
end
|
|
end
|
|
end
|
|
|
|
describe "#pending" do
|
|
subject(:request) { get "/posts/#{user.username}/pending.json" }
|
|
|
|
context "when user is not logged in" do
|
|
it_behaves_like "action requires login", :get, "/posts/system/pending.json"
|
|
end
|
|
|
|
context "when user is logged in" do
|
|
let(:pending_posts) { response.parsed_body["pending_posts"] }
|
|
|
|
before { sign_in(current_user) }
|
|
|
|
context "when current user is the same as user" do
|
|
let(:current_user) { user }
|
|
|
|
context "when there are existing pending posts" do
|
|
let!(:owner_pending_posts) do
|
|
Fabricate.times(2, :reviewable_queued_post, created_by: user)
|
|
end
|
|
let!(:other_pending_post) { Fabricate(:reviewable_queued_post) }
|
|
let(:expected_keys) do
|
|
%w[
|
|
avatar_template
|
|
category_id
|
|
created_at
|
|
created_by_id
|
|
name
|
|
raw_text
|
|
title
|
|
topic_id
|
|
topic_url
|
|
username
|
|
]
|
|
end
|
|
|
|
it "returns user's pending posts" do
|
|
request
|
|
expect(pending_posts).to all include "id" => be_in(owner_pending_posts.map(&:id))
|
|
expect(pending_posts).to all include(*expected_keys)
|
|
end
|
|
end
|
|
|
|
context "when there aren't any pending posts" do
|
|
it "returns an empty array" do
|
|
request
|
|
expect(pending_posts).to be_empty
|
|
end
|
|
end
|
|
end
|
|
|
|
context "when current user is a staff member" do
|
|
let(:current_user) { moderator }
|
|
|
|
context "when there are existing pending posts" do
|
|
let!(:owner_pending_posts) do
|
|
Fabricate.times(2, :reviewable_queued_post, created_by: user)
|
|
end
|
|
let!(:other_pending_post) { Fabricate(:reviewable_queued_post) }
|
|
let(:expected_keys) do
|
|
%w[
|
|
avatar_template
|
|
category_id
|
|
created_at
|
|
created_by_id
|
|
name
|
|
raw_text
|
|
title
|
|
topic_id
|
|
topic_url
|
|
username
|
|
]
|
|
end
|
|
|
|
it "returns user's pending posts" do
|
|
request
|
|
expect(pending_posts).to all include "id" => be_in(owner_pending_posts.map(&:id))
|
|
expect(pending_posts).to all include(*expected_keys)
|
|
end
|
|
end
|
|
|
|
context "when there aren't any pending posts" do
|
|
it "returns an empty array" do
|
|
request
|
|
expect(pending_posts).to be_empty
|
|
end
|
|
end
|
|
end
|
|
|
|
context "when current user is another user" do
|
|
let(:current_user) { Fabricate(:user) }
|
|
|
|
it "does not allow access" do
|
|
request
|
|
expect(response).to have_http_status :not_found
|
|
end
|
|
end
|
|
end
|
|
end
|
|
|
|
describe Plugin::Instance do
|
|
describe "#add_permitted_post_create_param" do
|
|
fab!(:user)
|
|
let(:instance) { Plugin::Instance.new }
|
|
let(:request) do
|
|
Proc.new do
|
|
post "/posts.json",
|
|
params: {
|
|
raw: "this is the test content",
|
|
title: "this is the test title for the topic",
|
|
composer_open_duration_msecs: 204,
|
|
typing_duration_msecs: 100,
|
|
reply_to_post_number: 123,
|
|
string_arg: "123",
|
|
hash_arg: {
|
|
key1: "val",
|
|
},
|
|
array_arg: %w[1 2 3],
|
|
}
|
|
end
|
|
end
|
|
|
|
before do
|
|
sign_in(user)
|
|
SiteSetting.min_first_post_typing_time = 0
|
|
end
|
|
|
|
it "allows strings to be added" do
|
|
request.call
|
|
expect(@controller.send(:create_params)).not_to include(string_arg: "123")
|
|
|
|
instance.add_permitted_post_create_param(:string_arg)
|
|
request.call
|
|
expect(@controller.send(:create_params)).to include(string_arg: "123")
|
|
end
|
|
|
|
it "allows hashes to be added" do
|
|
instance.add_permitted_post_create_param(:hash_arg)
|
|
request.call
|
|
expect(@controller.send(:create_params)).not_to include(hash_arg: { key1: "val" })
|
|
|
|
instance.add_permitted_post_create_param(:hash_arg, :hash)
|
|
request.call
|
|
expect(@controller.send(:create_params)).to include(hash_arg: { key1: "val" })
|
|
end
|
|
|
|
it "allows strings to be added" do
|
|
instance.add_permitted_post_create_param(:array_arg)
|
|
request.call
|
|
expect(@controller.send(:create_params)).not_to include(array_arg: %w[1 2 3])
|
|
|
|
instance.add_permitted_post_create_param(:array_arg, :array)
|
|
request.call
|
|
expect(@controller.send(:create_params)).to include(array_arg: %w[1 2 3])
|
|
end
|
|
end
|
|
end
|
|
end
|